General audience texts
Besides the scholarly publications listed below, I have written many texts in English and German. My more notable German texts appeared by DNIP.ch. I also maintain document collections intended for a broad audience:
Scholarly publications
Up-to-date citation counts (provided by Google Scholar). List of patents granted.
2019
Robert Müller; Corinna Schmitt; Daniel Kaiser; Marcel Waldvogel
HomeCA: Scalable Secure IoT Network Integration Proceedings Article
In: Stumme, David; Geihs; Lange; (Ed.): INFORMATIK 2019, pp. 167-180, Gesellschaft für Informatik, 2019.
Abstract | BibTeX | Tags: Internet of Things, Security, Wireless | Links:
@inproceedings{mueller2019homeca,
title = {HomeCA: Scalable Secure IoT Network Integration},
author = {Robert Müller; Corinna Schmitt; Daniel Kaiser; Marcel Waldvogel},
editor = {David; Geihs; Lange; Stumme},
url = {https://netfuture.ch/wp-content/uploads/2019/09/mueller2019homeca.pdf},
year = {2019},
date = {2019-09-25},
urldate = {1000-01-01},
booktitle = {INFORMATIK 2019},
journal = {INFORMATIK 2019},
volume = {P-294},
pages = {167-180},
publisher = {Gesellschaft für Informatik},
series = {LNI},
abstract = {Integrating Internet of Things (IoT) devices into an existing network is a nightmare. Minimalistic, unfriendly user interfaces, if any; badly chosen security methods, most notably the defaults; lack of long term security; and bugs or misconfigurations are plentiful. As a result, an increasing number of owners operate unsecure devices.
Our investigations into the root causes of the problems resulted in the development of Home Certificate Authority (HomeCA). HomeCA includes a comprehensive set of secure, vendor-independent interoperable practices based on existing protocols and open standards. HomeCA avoids most of the current pitfalls in network integration by design. Long-term protocol security, permission management, and secure usage combined with simplified device integration and secure key updates on ownership acquisition pave the way toward scalable, federated IoT security.},
keywords = {Internet of Things, Security, Wireless},
pubstate = {published},
tppubtype = {inproceedings}
}
Integrating Internet of Things (IoT) devices into an existing network is a nightmare. Minimalistic, unfriendly user interfaces, if any; badly chosen security methods, most notably the defaults; lack of long term security; and bugs or misconfigurations are plentiful. As a result, an increasing number of owners operate unsecure devices.
Our investigations into the root causes of the problems resulted in the development of Home Certificate Authority (HomeCA). HomeCA includes a comprehensive set of secure, vendor-independent interoperable practices based on existing protocols and open standards. HomeCA avoids most of the current pitfalls in network integration by design. Long-term protocol security, permission management, and secure usage combined with simplified device integration and secure key updates on ownership acquisition pave the way toward scalable, federated IoT security.
Our investigations into the root causes of the problems resulted in the development of Home Certificate Authority (HomeCA). HomeCA includes a comprehensive set of secure, vendor-independent interoperable practices based on existing protocols and open standards. HomeCA avoids most of the current pitfalls in network integration by design. Long-term protocol security, permission management, and secure usage combined with simplified device integration and secure key updates on ownership acquisition pave the way toward scalable, federated IoT security.
2018
Marcel Waldvogel; Thomas Zink
Einfache Zwei-Faktor-Authentisierung Journal Article
In: Digma, vol. 2018, no. 3, 2018, ISSN: 2270000414598.
Abstract | BibTeX | Tags: Passwords, Security, Two-Factor Authentication, Usability | Links:
@article{Waldvogel2018Einfache-2FA,
title = {Einfache Zwei-Faktor-Authentisierung},
author = {Marcel Waldvogel and Thomas Zink},
url = {https://netfuture.ch/wp-content/uploads/2018/09/einfache-zwei-faktor-authentisierung.pdf},
issn = {2270000414598},
year = {2018},
date = {2018-09-30},
urldate = {1000-01-01},
journal = {Digma},
volume = {2018},
number = {3},
abstract = {Der Trend zu Kundennähe und architektonischen Offenheit in Firmen und Behörden führt zu zusätzlichen Herausforderungen bei Datenschutz und -sicherheit. Viel zu häufig fehlen Know-How, Quellcode oder Ressourcen, um die betroffenen Anwendungen an die neuen Sicherheitsanforderungen anzupassen. Wir zeigen auf, wie gerade in diesen Fällen eine Zwei-Faktor-Authentisierung mittels X.509-Zertifikaten eine schnell umsetzbare, einfache, komfortable und trotzdem starke und erweiterbare Sicherheitskomponente sein kann, z.T. ohne Eingriff in die Anwendung.},
keywords = {Passwords, Security, Two-Factor Authentication, Usability},
pubstate = {published},
tppubtype = {article}
}
Der Trend zu Kundennähe und architektonischen Offenheit in Firmen und Behörden führt zu zusätzlichen Herausforderungen bei Datenschutz und -sicherheit. Viel zu häufig fehlen Know-How, Quellcode oder Ressourcen, um die betroffenen Anwendungen an die neuen Sicherheitsanforderungen anzupassen. Wir zeigen auf, wie gerade in diesen Fällen eine Zwei-Faktor-Authentisierung mittels X.509-Zertifikaten eine schnell umsetzbare, einfache, komfortable und trotzdem starke und erweiterbare Sicherheitskomponente sein kann, z.T. ohne Eingriff in die Anwendung.
Matthias Held; Marcel Waldvogel
Fighting Ransomware with Guided Undo Proceedings Article
In: Proceedings of NISK 2018, 2018.
Abstract | BibTeX | Tags: Cloud Storage, Intrusion Detection, Ransomware, Replication, Security, Usability, Web Applications | Links:
@inproceedings{Held2018FightingRansomware,
title = {Fighting Ransomware with Guided Undo},
author = {Matthias Held and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2018/07/held2018fightingransomware.pdf
https://netfuture.ch/wp-content/uploads/2018/09/ransomware_detection.pdf
https://netfuture.ch/wp-content/uploads/2018/09/2018-ransomware.odp},
year = {2018},
date = {2018-09-18},
urldate = {1000-01-01},
booktitle = {Proceedings of NISK 2018},
abstract = {Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be caught on first sight, but can be undone later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery.
In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud storage. Our content, meta data, and behavior analysis paired with a `guilt by association' capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.
},
keywords = {Cloud Storage, Intrusion Detection, Ransomware, Replication, Security, Usability, Web Applications},
pubstate = {published},
tppubtype = {inproceedings}
}
Ransomware attacks are rare, yet catastrophic. On closer inspection, they differ from other malware infections: Given appropriate preparation, they do not need to be caught on first sight, but can be undone later. However, current ransomware protection follows the beaten path of anti-malware copying their fallacies. We show how the move to personal cloud storage allows for a paradigm shift in ransomware protection: exceptional attack isolation, perfect elimination of false positive alerts, and simplified recovery.
In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud storage. Our content, meta data, and behavior analysis paired with a `guilt by association’ capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.
In this paper, we analyze the necessary operations for ransomware, extend existing ransomware taxonomy, and verify them against real-world malware samples. We analyze the costs and benefits of moving ransomware detection to versioned personal cloud storage. Our content, meta data, and behavior analysis paired with a `guilt by association’ capability greatly improve the false positive rate, but the guided undo make this rate all but inconsequential. Even though the user now carries a new burden, it comes with clear responsibilities and benefits, while being freed from questionable duties, resulting in a win-win situation for user experience and detection quality.
Marcel Waldvogel
Meltdown und Spectre: Lesen ohne zu lesen Journal Article
In: Computerworld, 2018.
Abstract | BibTeX | Tags: Security | Links:
@article{Waldvogel-Meltdown,
title = {Meltdown und Spectre: Lesen ohne zu lesen},
author = {Marcel Waldvogel},
url = {https://www.computerworld.ch/security/hardware/meltdown-spectre-lesen-zu-lesen-1461525.html},
year = {2018},
date = {2018-01-17},
urldate = {1000-01-01},
journal = {Computerworld},
abstract = {Was Meltdown und Spectre mit einem Schachspiel zu tun haben und worum es bei den Sicherheitslücken aus technischer Sicht geht. Ein Informatikprofessor erklärt.},
keywords = {Security},
pubstate = {published},
tppubtype = {article}
}
Was Meltdown und Spectre mit einem Schachspiel zu tun haben und worum es bei den Sicherheitslücken aus technischer Sicht geht. Ein Informatikprofessor erklärt.
2017
Robert Müller; Marcel Waldvogel; Corinna Schmitt
MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks Proceedings Article
In: Proceedings of AIMS 2017, 2017.
Abstract | BibTeX | Tags: Internet of Things, Mobile Networks, Security, Usability | Links:
@inproceedings{Müller2017MoDeNA-AIMS,
title = {MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks},
author = {Robert Müller and Marcel Waldvogel and Corinna Schmitt},
url = {https://netfuture.ch/wp-content/uploads/2017/07/mueller2017modena.pdf
https://netfuture.ch/wp-content/uploads/2017/07/modena_presentation_aims_2017_07_12.pdf},
year = {2017},
date = {2017-07-10},
urldate = {1000-01-01},
booktitle = {Proceedings of AIMS 2017},
abstract = {Today most used devices are connected with each other building the Internet of Things (IoT). A variety of protocols are used depending on the underlying network infrastructure, application (e.g., Smart City, eHealth), and device capability. The judgment of the security feeling of the data sharing depends on personal settings (e.g., easy to use, encrypted transmission, anonymization support). MoDeNA – a Mobile Device Network Assistant – was developed offering an opportunity for understanding the judgment of security by bringing the user’s concerns and their technology understanding of used devices and protocols into relation. MoDeNA provides a transparent overview over the used wireless security of the user’s device giving concrete advices for improving the connection security and usability of mobile device security.},
keywords = {Internet of Things, Mobile Networks, Security, Usability},
pubstate = {published},
tppubtype = {inproceedings}
}
Today most used devices are connected with each other building the Internet of Things (IoT). A variety of protocols are used depending on the underlying network infrastructure, application (e.g., Smart City, eHealth), and device capability. The judgment of the security feeling of the data sharing depends on personal settings (e.g., easy to use, encrypted transmission, anonymization support). MoDeNA – a Mobile Device Network Assistant – was developed offering an opportunity for understanding the judgment of security by bringing the user’s concerns and their technology understanding of used devices and protocols into relation. MoDeNA provides a transparent overview over the used wireless security of the user’s device giving concrete advices for improving the connection security and usability of mobile device security.
Ursula Uttinger; Marcel Waldvogel
FAQ Datenschutz und Informationstechnologie in der medizinischen Praxis Booklet
Bern, Switzerland, 2017.
Abstract | BibTeX | Tags: Data Protection, Medical Data, Security | Links:
@booklet{uttinger2017datenschutz,
title = {FAQ Datenschutz und Informationstechnologie in der medizinischen Praxis},
author = {Ursula Uttinger and Marcel Waldvogel},
editor = {EQUAM Stiftung},
url = {https://netfuture.ch/wp-content/uploads/2017/11/faq-datenschutz-und-it_verzeichnis.pdf},
year = {2017},
date = {2017-06-01},
urldate = {1000-01-01},
address = {Bern, Switzerland},
abstract = {Für Ärztinnen, Ärzte, MPA, Praxismanager und -managerinnen ist der sorgfältige Umgang mit den ihnen anvertrauten Patientendaten ein wichtiges Anliegen. Doch wie kann man diese Daten schützen?
Die rechtliche Lage ist oftmals nur schwer durchschaubar. Rechtstexte behandeln das Thema auf einer übergeordneten Ebene und sind nicht einfach zu interpretieren. Zudem wirft die zunehmende Digitalisierung der Arztpraxen viele Fragen auf. Patientendaten müssen inmitten eines rasanten technologischen Wandels bestmöglichst geschützt werden.
Diese Wegleitung soll Ihnen eine praxisbezogene Handreichung für den Umgang mit medizinischen und anderen Patientendaten in Ihrer Praxis sein.},
month = {06},
keywords = {Data Protection, Medical Data, Security},
pubstate = {published},
tppubtype = {booklet}
}
Für Ärztinnen, Ärzte, MPA, Praxismanager und -managerinnen ist der sorgfältige Umgang mit den ihnen anvertrauten Patientendaten ein wichtiges Anliegen. Doch wie kann man diese Daten schützen?
Die rechtliche Lage ist oftmals nur schwer durchschaubar. Rechtstexte behandeln das Thema auf einer übergeordneten Ebene und sind nicht einfach zu interpretieren. Zudem wirft die zunehmende Digitalisierung der Arztpraxen viele Fragen auf. Patientendaten müssen inmitten eines rasanten technologischen Wandels bestmöglichst geschützt werden.
Diese Wegleitung soll Ihnen eine praxisbezogene Handreichung für den Umgang mit medizinischen und anderen Patientendaten in Ihrer Praxis sein.
Die rechtliche Lage ist oftmals nur schwer durchschaubar. Rechtstexte behandeln das Thema auf einer übergeordneten Ebene und sind nicht einfach zu interpretieren. Zudem wirft die zunehmende Digitalisierung der Arztpraxen viele Fragen auf. Patientendaten müssen inmitten eines rasanten technologischen Wandels bestmöglichst geschützt werden.
Diese Wegleitung soll Ihnen eine praxisbezogene Handreichung für den Umgang mit medizinischen und anderen Patientendaten in Ihrer Praxis sein.
Marcel Waldvogel; Thomas Zink
X.509 User Certificate-based Two-Factor Authentication for Web Applications Proceedings Article
In: Müller, Paul; Neumair, Bernhard; Reiser, Helmut; Dreo Rodosek, Gabi (Ed.): 10. DFN-Forum Kommunikationstechnologien, 2017.
Abstract | BibTeX | Tags: Federated Services, Identity Management, Passwords, Security, Usability, Web Applications, X.509 | Links:
@inproceedings{Waldvogel-X509,
title = {X.509 User Certificate-based Two-Factor Authentication for Web Applications},
author = {Marcel Waldvogel and Thomas Zink},
editor = {Paul Müller and Bernhard Neumair and Helmut Reiser and Dreo Rodosek, Gabi},
url = {https://netfuture.ch/wp-content/uploads/2018/05/x509auth.pdf
},
year = {2017},
date = {2017-05-30},
urldate = {1000-01-01},
booktitle = {10. DFN-Forum Kommunikationstechnologien},
abstract = {An appealing property to researchers, educators, and students is the openness of the physical environment and IT infrastructure of their organizations. However, to the IT administration, this creates challenges way beyond those of a single-purpose business or administration. Especially the personally identifiable information or the power of the critical functions behind these logins, such as financial transactions or manipulating user accounts, require extra protection in the heterogeneous educational environment with single-sign-on. However, most web-based environments still lack a reasonable second-factor protection or at least the enforcement of it for privileged operations without hindering normal usage.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.},
keywords = {Federated Services, Identity Management, Passwords, Security, Usability, Web Applications, X.509},
pubstate = {published},
tppubtype = {inproceedings}
}
An appealing property to researchers, educators, and students is the openness of the physical environment and IT infrastructure of their organizations. However, to the IT administration, this creates challenges way beyond those of a single-purpose business or administration. Especially the personally identifiable information or the power of the critical functions behind these logins, such as financial transactions or manipulating user accounts, require extra protection in the heterogeneous educational environment with single-sign-on. However, most web-based environments still lack a reasonable second-factor protection or at least the enforcement of it for privileged operations without hindering normal usage.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.
Marcel Waldvogel
Weg vom Internet der (unsicheren) Dinge Journal Article
In: PC-Tipp, 2017.
Abstract | BibTeX | Tags: Public, Security | Links:
@article{Waldvogel2017Weg,
title = {Weg vom Internet der (unsicheren) Dinge},
author = {Marcel Waldvogel},
url = {http://www.pctipp.ch/tipps-tricks/kummerkasten/sicherheit/artikel/weg-vom-internet-der-unsicheren-dinge-87430/},
year = {2017},
date = {2017-03-30},
urldate = {1000-01-01},
journal = {PC-Tipp},
abstract = {Immer mehr Dinge des Alltags sind mit dem Internet verbunden und dementsprechend auch darüber steuerbar: Das Internet der Dinge ist überall. Damit es nicht uns beherrscht, sondern wir es beherrschen können, finden Sie hier einige Tipps.},
keywords = {Public, Security},
pubstate = {published},
tppubtype = {article}
}
Immer mehr Dinge des Alltags sind mit dem Internet verbunden und dementsprechend auch darüber steuerbar: Das Internet der Dinge ist überall. Damit es nicht uns beherrscht, sondern wir es beherrschen können, finden Sie hier einige Tipps.
Thomas Zink; Marcel Waldvogel
X.509 User Certificate-based Two-Factor Authentication for Web Applications Technical Report
Distributed Systems Laboratory, University of Konstanz no. KN-2017-DISY-03, 2017.
Abstract | BibTeX | Tags: Certificates, Identity Management, Security, Two-Factor Authentication, Usability, Web Applications, X509 | Links:
@techreport{Zink2017X509,
title = {X.509 User Certificate-based Two-Factor Authentication for Web Applications},
author = {Thomas Zink and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2017/03/kn-2017-disy-03.pdf},
year = {2017},
date = {2017-03-14},
urldate = {1000-01-01},
number = {KN-2017-DISY-03},
institution = {Distributed Systems Laboratory, University of Konstanz},
abstract = {An appealing property to researchers, educators, and students is the openness
of the physical environment and IT infrastructure of their organizations. How-
ever, to the IT administration, this creates challenges way beyond those of a
single-purpose business or administration. Especially the personally identifiable
information or the power of the critical functions behind these logins, such as
financial transactions or manipulating user accounts, require extra protection in
the heterogeneous educational environment with single-sign-on. However, most
web-based environments still lack a reasonable second-factor protection or at
least the enforcement of it for privileged operations without hindering normal
usage.
In this paper we introduce a novel and surprisingly simple yet extremely flex-
ible way to implement two-factor authentication based on X.509 user certificates
in web applications. Our solution requires only a few lines of code in web server
configuration and none in the application source code for basic protection. Fur-
thermore, since it is based on X.509 certificates, it can be easily combined with
smartcards or USB cryptotokens to further enhance security.},
keywords = {Certificates, Identity Management, Security, Two-Factor Authentication, Usability, Web Applications, X509},
pubstate = {published},
tppubtype = {techreport}
}
An appealing property to researchers, educators, and students is the openness
of the physical environment and IT infrastructure of their organizations. How-
ever, to the IT administration, this creates challenges way beyond those of a
single-purpose business or administration. Especially the personally identifiable
information or the power of the critical functions behind these logins, such as
financial transactions or manipulating user accounts, require extra protection in
the heterogeneous educational environment with single-sign-on. However, most
web-based environments still lack a reasonable second-factor protection or at
least the enforcement of it for privileged operations without hindering normal
usage.
In this paper we introduce a novel and surprisingly simple yet extremely flex-
ible way to implement two-factor authentication based on X.509 user certificates
in web applications. Our solution requires only a few lines of code in web server
configuration and none in the application source code for basic protection. Fur-
thermore, since it is based on X.509 certificates, it can be easily combined with
smartcards or USB cryptotokens to further enhance security.
of the physical environment and IT infrastructure of their organizations. How-
ever, to the IT administration, this creates challenges way beyond those of a
single-purpose business or administration. Especially the personally identifiable
information or the power of the critical functions behind these logins, such as
financial transactions or manipulating user accounts, require extra protection in
the heterogeneous educational environment with single-sign-on. However, most
web-based environments still lack a reasonable second-factor protection or at
least the enforcement of it for privileged operations without hindering normal
usage.
In this paper we introduce a novel and surprisingly simple yet extremely flex-
ible way to implement two-factor authentication based on X.509 user certificates
in web applications. Our solution requires only a few lines of code in web server
configuration and none in the application source code for basic protection. Fur-
thermore, since it is based on X.509 certificates, it can be easily combined with
smartcards or USB cryptotokens to further enhance security.
Robert Müller; Marcel Waldvogel; Corinna Schmitt
MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks Technical Report
Distributed Systems Laboratory, University of Konstanz no. KN-2017-DISY-02, 2017.
Abstract | BibTeX | Tags: Internet of Things, Security, Usability, Wireless, WPAN | Links:
@techreport{Mueller2017MoDeNA,
title = {MoDeNA: Enhancing User Security for Devices in Wireless Personal and Local Area Networks},
author = {Robert Müller and Marcel Waldvogel and Corinna Schmitt},
url = {https://netfuture.ch/wp-content/uploads/2017/03/kn-2017-disy-02.pdf},
year = {2017},
date = {2017-03-13},
urldate = {1000-01-01},
number = {KN-2017-DISY-02},
institution = {Distributed Systems Laboratory, University of Konstanz},
abstract = {Today most used devices are connected with each other building the Internet
of Things (IoT). They communicate with each other directly and share data with
a plethora of other devices indirectly by using the underlying network infrastruc-
ture. In both cases a variety of protocols are used depending on infrastructure,
application (e.g., Smart City, eHealth), and device capability. But the overall
concept of the data sharing is to do it in a secure manner so that different users
(e.g., consumer, facilities, provider) can gain benefits. But what does “secure
manner” means? This is a big question between the stakeholders, especially when
talking of wireless personal and local area networks (WPANs) and wireless local
area networks (WLAN), because the judgment of the security feeling depends
on personal settings (e.g., easy to use, encrypted transmission, anonymization
support). Therefore, MoDeNA – a Mobile Device Network Assistant – was de-
veloped offering an opportunity for understanding the judgment of security by
bringing the user’s concerns and their technology understanding of used devices
and protocols into relation. MoDeNA provides a transparent overview over the
used wireless security of the user’s device giving concrete advices for improving
the connection security, helping to improve usability of mobile device security. As
a use-case the smart city environment is used, because this is the most common
area, where many different WPAN and WLAN connections exist, supported by
different underlying infrastructures, and where secure data transmission is es-
sential, because it is an “open communication area”.},
keywords = {Internet of Things, Security, Usability, Wireless, WPAN},
pubstate = {published},
tppubtype = {techreport}
}
Today most used devices are connected with each other building the Internet
of Things (IoT). They communicate with each other directly and share data with
a plethora of other devices indirectly by using the underlying network infrastruc-
ture. In both cases a variety of protocols are used depending on infrastructure,
application (e.g., Smart City, eHealth), and device capability. But the overall
concept of the data sharing is to do it in a secure manner so that different users
(e.g., consumer, facilities, provider) can gain benefits. But what does “secure
manner” means? This is a big question between the stakeholders, especially when
talking of wireless personal and local area networks (WPANs) and wireless local
area networks (WLAN), because the judgment of the security feeling depends
on personal settings (e.g., easy to use, encrypted transmission, anonymization
support). Therefore, MoDeNA – a Mobile Device Network Assistant – was de-
veloped offering an opportunity for understanding the judgment of security by
bringing the user’s concerns and their technology understanding of used devices
and protocols into relation. MoDeNA provides a transparent overview over the
used wireless security of the user’s device giving concrete advices for improving
the connection security, helping to improve usability of mobile device security. As
a use-case the smart city environment is used, because this is the most common
area, where many different WPAN and WLAN connections exist, supported by
different underlying infrastructures, and where secure data transmission is es-
sential, because it is an “open communication area”.
of Things (IoT). They communicate with each other directly and share data with
a plethora of other devices indirectly by using the underlying network infrastruc-
ture. In both cases a variety of protocols are used depending on infrastructure,
application (e.g., Smart City, eHealth), and device capability. But the overall
concept of the data sharing is to do it in a secure manner so that different users
(e.g., consumer, facilities, provider) can gain benefits. But what does “secure
manner” means? This is a big question between the stakeholders, especially when
talking of wireless personal and local area networks (WPANs) and wireless local
area networks (WLAN), because the judgment of the security feeling depends
on personal settings (e.g., easy to use, encrypted transmission, anonymization
support). Therefore, MoDeNA – a Mobile Device Network Assistant – was de-
veloped offering an opportunity for understanding the judgment of security by
bringing the user’s concerns and their technology understanding of used devices
and protocols into relation. MoDeNA provides a transparent overview over the
used wireless security of the user’s device giving concrete advices for improving
the connection security, helping to improve usability of mobile device security. As
a use-case the smart city environment is used, because this is the most common
area, where many different WPAN and WLAN connections exist, supported by
different underlying infrastructures, and where secure data transmission is es-
sential, because it is an “open communication area”.
Robert Müller; Marcel Waldvogel; Daniel Kaiser
HomeCA: Scalable Secure IoT Network Integration Technical Report
Distributed Systems Laboratory, University of Konstanz no. KN-2017-DISY-01, 2017.
Abstract | BibTeX | Tags: Internet of Things, Security, Trust | Links:
@techreport{Mueller2017HomeCA,
title = {HomeCA: Scalable Secure IoT Network Integration},
author = {Robert Müller and Marcel Waldvogel and Daniel Kaiser},
url = {https://netfuture.ch/wp-content/uploads/2017/03/kn-2017-disy-01.pdf},
year = {2017},
date = {2017-03-12},
urldate = {1000-01-01},
number = {KN-2017-DISY-01},
institution = {Distributed Systems Laboratory, University of Konstanz},
abstract = {The sheer number of devices in the Internet of Things (IoT) makes efficient
device integration into a user’s home or corporate network a nightmare. More and
more owners lose control over their devices, often due to badly chosen security
defaults, software bugs, or broken protocols. The lack of user interface and the
long period of device usage increase the plight. We identify several root causes,
resulting in HomeCA, a comprehensive set of secure, vendor-neutral practices
based on existing protocols and open standards. These practices avoid most of
the common pitfalls, allow long-term permission management and secure usage,
and include support for automatic device integration. We also present a protocol
for ensuring secure key updates when acquiring device ownership.},
keywords = {Internet of Things, Security, Trust},
pubstate = {published},
tppubtype = {techreport}
}
The sheer number of devices in the Internet of Things (IoT) makes efficient
device integration into a user’s home or corporate network a nightmare. More and
more owners lose control over their devices, often due to badly chosen security
defaults, software bugs, or broken protocols. The lack of user interface and the
long period of device usage increase the plight. We identify several root causes,
resulting in HomeCA, a comprehensive set of secure, vendor-neutral practices
based on existing protocols and open standards. These practices avoid most of
the common pitfalls, allow long-term permission management and secure usage,
and include support for automatic device integration. We also present a protocol
for ensuring secure key updates when acquiring device ownership.
device integration into a user’s home or corporate network a nightmare. More and
more owners lose control over their devices, often due to badly chosen security
defaults, software bugs, or broken protocols. The lack of user interface and the
long period of device usage increase the plight. We identify several root causes,
resulting in HomeCA, a comprehensive set of secure, vendor-neutral practices
based on existing protocols and open standards. These practices avoid most of
the common pitfalls, allow long-term permission management and secure usage,
and include support for automatic device integration. We also present a protocol
for ensuring secure key updates when acquiring device ownership.
2015
Daniel Kaiser; Andreas Rain; Marcel Waldvogel; Holger Strittmatter
A Multicast-Avoiding Privacy Extension for the Avahi Zeroconf Daemon Proceedings Article
In: NetSys 2015, Gesellschaft für Informatik, 2015.
Abstract | BibTeX | Tags: DNS-SD, Privacy, Security, Zeroconf | Links:
@inproceedings{Kaiser2015Multicast-avoiding,
title = {A Multicast-Avoiding Privacy Extension for the Avahi Zeroconf Daemon},
author = {Daniel Kaiser and Andreas Rain and Marcel Waldvogel and Holger Strittmatter},
url = {https://netfuture.ch/wp-content/uploads/2014/12/kaiser2015multicast-avoiding.pdf
https://netfuture.ch/wp-content/uploads/2015/03/mdns-security-poster.pdf},
year = {2015},
date = {2015-03-10},
urldate = {1000-01-01},
booktitle = {NetSys 2015},
publisher = {Gesellschaft für Informatik},
abstract = {In today’s local networks, a significant amount of traffic is caused by Multicast packets, such as Multicast DNS Service Discovery (mDNS-SD), a widespread technique used for configurationless service distribution and discovery. It suffers from two major problems inherent in multicast: privacy and network load. We present a privacy extension for the Avahi Zeroconf Daemon that tackles both problems while being very efficient.},
keywords = {DNS-SD, Privacy, Security, Zeroconf},
pubstate = {published},
tppubtype = {inproceedings}
}
In today’s local networks, a significant amount of traffic is caused by Multicast packets, such as Multicast DNS Service Discovery (mDNS-SD), a widespread technique used for configurationless service distribution and discovery. It suffers from two major problems inherent in multicast: privacy and network load. We present a privacy extension for the Avahi Zeroconf Daemon that tackles both problems while being very efficient.
Marcel Waldvogel; Thomas Zink
Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination Proceedings Article
In: NetSys 2015, Gesellschaft für Informatik, 2015.
Abstract | BibTeX | Tags: DNS, Privacy, Security | Links:
@inproceedings{Waldvogel2015Boost,
title = {Boost DNS Privacy, Reliability, and Efficiency with opDNS Safe Query Elimination},
author = {Marcel Waldvogel and Thomas Zink},
url = {https://netfuture.ch/wp-content/uploads/2014/12/waldvogel2015boost.pdf
https://netfuture.ch/wp-content/uploads/2015/03/opdns-poster.pdf},
year = {2015},
date = {2015-03-10},
urldate = {1000-01-01},
booktitle = {NetSys 2015},
publisher = {Gesellschaft für Informatik},
abstract = {SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addresses these problems by abandoning pessimistic caching and eliminating unnecessary traffic. Today’s DNS infrastructure relies on the hosts forgetting and refreshing DNS records in relatively short time. In conjunction with TLS, opDNS greatly reduces the number of queries and in turn increases privacy, reliability, and efficiency. Even with DNS lookups all but eliminated for frequently visited secure services, changes to the server addresses will be recognized almost immediately, unlike standard DNS. We will show how end systems can take advantage of opDNS without having to wait for support by server operators or application developers, enabling the most effective way of deployment.},
keywords = {DNS, Privacy, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
SRV records, DNSSEC, and DANE among others fortify the Domain Name System as the central information hub behind the Internet. Largely hidden from the end user, an increasing number of protocol and trust decisions are contingent on DNS. Neglect or attacks on DNS have much more impact today than ever, now endangering security far beyond denial of service. Opportunistic Persistent DNS (opDNS) addresses these problems by abandoning pessimistic caching and eliminating unnecessary traffic. Today’s DNS infrastructure relies on the hosts forgetting and refreshing DNS records in relatively short time. In conjunction with TLS, opDNS greatly reduces the number of queries and in turn increases privacy, reliability, and efficiency. Even with DNS lookups all but eliminated for frequently visited secure services, changes to the server addresses will be recognized almost immediately, unlike standard DNS. We will show how end systems can take advantage of opDNS without having to wait for support by server operators or application developers, enabling the most effective way of deployment.
Klaus Herberth; Daniel Scharon; Matthias Fratz; Marcel Waldvogel
JSXC: Adding Encrypted Chat with 3 Lines of Code Proceedings Article
In: NetSys 2015, Gesellschaft für Informatik, 2015.
Abstract | BibTeX | Tags: Security, XMPP | Links:
@inproceedings{Herberth2015JSXC,
title = {JSXC: Adding Encrypted Chat with 3 Lines of Code},
author = {Klaus Herberth and Daniel Scharon and Matthias Fratz and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2014/12/herberth2015jsxc.pdf
https://netfuture.ch/wp-content/uploads/2015/02/jsxc-poster.pdf},
year = {2015},
date = {2015-03-10},
urldate = {1000-01-01},
booktitle = {NetSys 2015},
publisher = {Gesellschaft für Informatik},
abstract = {If it is not in the web, it does not exist. However, most of our current arsenal of web services are provided for free by large international corporations – free as in targeted advertising. More privacy-aware self-hosted alternatives frequently lack the feature set of their commercial rivals, leaving users to decide between privacy and functionality. Therefore, we present WISEchat (Web-Integrated Secure Enhanced Chat), our concept for enhancing practical security for web-based chat, as well as an implementation, the JavaScript XMPP Client (JSXC). By design, JSXC can be easily and painlessly integrated into existing web apps to equip them with encrypted chat capabilities, making them more attractive and thus more frequently providing a secure alternative as the most functional and convenient alternative.},
keywords = {Security, XMPP},
pubstate = {published},
tppubtype = {inproceedings}
}
If it is not in the web, it does not exist. However, most of our current arsenal of web services are provided for free by large international corporations – free as in targeted advertising. More privacy-aware self-hosted alternatives frequently lack the feature set of their commercial rivals, leaving users to decide between privacy and functionality. Therefore, we present WISEchat (Web-Integrated Secure Enhanced Chat), our concept for enhancing practical security for web-based chat, as well as an implementation, the JavaScript XMPP Client (JSXC). By design, JSXC can be easily and painlessly integrated into existing web apps to equip them with encrypted chat capabilities, making them more attractive and thus more frequently providing a secure alternative as the most functional and convenient alternative.
2014
Marcel Waldvogel; Jürgen Kollek
SIEGE: Service-Independent Enterprise-GradE protection against password scans Journal Article
In: DFN-Mitteilungen, no. 87, pp. 40–46, 2014, ISSN: 0177-6894.
Abstract | BibTeX | Tags: Federated Services, Intrusion Detection, Security | Links:
@article{Waldvogel2014SIEGE-DFN,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
editor = {Kai Hoelzner},
url = {https://netfuture.ch/wp-content/uploads/2014/12/SIEGE-DFN.pdf
https://www.dfn.de/fileadmin/5Presse/DFNMitteilungen/DFN_Mitteilungen_87.pdf},
issn = {0177-6894},
year = {2014},
date = {2014-11-30},
urldate = {1000-01-01},
journal = {DFN-Mitteilungen},
number = {87},
pages = {40--46},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.},
keywords = {Federated Services, Intrusion Detection, Security},
pubstate = {published},
tppubtype = {article}
}
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.
Marcel Waldvogel; Jürgen Kollek
SIEGE: Service-Independent Enterprise-GradE protection against password scans Proceedings Article
In: Müller, Paul; Neumair, Bernhard; Reiser, Helmut; Dreo Rodosek, Gabi (Ed.): 7. DFN-Forum Kommunikationstechnologien — Beiträge der Fachtagung, Gesellschaft für Informatik, 2014.
Abstract | BibTeX | Tags: Federated Services, Identity Management, Intrusion Detection, Passwords, Peer, Security | Links:
@inproceedings{Waldvogel2014SIEGE,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
editor = {Paul Müller and Bernhard Neumair and
Helmut Reiser and Dreo Rodosek, Gabi},
url = {https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE.pdf
https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE-slides.pdf},
year = {2014},
date = {2014-06-16},
urldate = {1000-01-01},
booktitle = {7. DFN-Forum Kommunikationstechnologien -- Beiträge der Fachtagung},
publisher = {Gesellschaft für Informatik},
series = {Lecture Notes in Informatics},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.},
keywords = {Federated Services, Identity Management, Intrusion Detection, Passwords, Peer, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.
Marcel Waldvogel; Klaus Herberth; Daniel Scharon
Chat in Forschung und Lehre? Sicher! Journal Article
In: DFN-Mitteilungen, no. 86, pp. 38-41, 2014, ISSN: 0177-6894.
Abstract | BibTeX | Tags: Federated Services, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP | Links:
@article{Waldvogel2014Chat,
title = {Chat in Forschung und Lehre? Sicher!},
author = {Marcel Waldvogel and Klaus Herberth and Daniel Scharon},
url = {https://netfuture.ch/wp-content/uploads/2014/05/Waldvogel2014Chat.pdf
https://www.dfn.de/publikationen/dfnmitteilungen/},
issn = {0177-6894},
year = {2014},
date = {2014-05-23},
urldate = {1000-01-01},
journal = {DFN-Mitteilungen},
number = {86},
pages = {38-41},
abstract = {Instant Messaging, Audio- und Videoanrufe, kurz Chat, ist aus unserem täglichen Leben nicht mehr wegzudenken. Die meisten nutzen dafür geschlossene Systeme, die für den Privatgebrauch bequem sind, für den dienstlichen Einsatz in Forschung und Lehre aber an Datenschutz und Privatsphäre scheitern. Das muss nicht so sein: Auf Basis des offenen, föderierten Extensible Messaging and Presence Protocols (XMPP) bietet WISEchat webbasiert und -integriert die Sicherheit, den Komfort und die Erweiterbarkeit, die eine moderne Hochschule braucht. Die Hintergründe, Vorteile und Zukunftssicherheit erläutern wir anhand einiger konkreter Beispiele.},
keywords = {Federated Services, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP},
pubstate = {published},
tppubtype = {article}
}
Instant Messaging, Audio- und Videoanrufe, kurz Chat, ist aus unserem täglichen Leben nicht mehr wegzudenken. Die meisten nutzen dafür geschlossene Systeme, die für den Privatgebrauch bequem sind, für den dienstlichen Einsatz in Forschung und Lehre aber an Datenschutz und Privatsphäre scheitern. Das muss nicht so sein: Auf Basis des offenen, föderierten Extensible Messaging and Presence Protocols (XMPP) bietet WISEchat webbasiert und -integriert die Sicherheit, den Komfort und die Erweiterbarkeit, die eine moderne Hochschule braucht. Die Hintergründe, Vorteile und Zukunftssicherheit erläutern wir anhand einiger konkreter Beispiele.
Klaus Herberth; Daniel Kaiser; Daniel Scharon; Marcel Waldvogel
Interaktive Webseiten für effiziente Kooperation auf Basis offener Standards Technical Report
University of Konstanz no. KN-2014-DiSy-002, 2014.
Abstract | BibTeX | Tags: Collaboration, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP | Links:
@techreport{herberth14interaktive,
title = {Interaktive Webseiten für effiziente Kooperation auf Basis offener Standards},
author = {Klaus Herberth and Daniel Kaiser and Daniel Scharon and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2014/01/herberth14interaktive.pdf},
year = {2014},
date = {2014-01-18},
urldate = {1000-01-01},
number = {KN-2014-DiSy-002},
institution = {University of Konstanz},
abstract = {Homepages von Forschern, Informationsseiten der Verwaltung, Support- und Beratungsseiten, Webmail oder sonstige Groupware begleiten uns bei der täglichen Arbeit im akademischen Umfeld. Unmittelbare Rückfragen zu den Inhalten oder Interaktionen sind jedoch weiterhin nicht möglich; eine Integration von Direktkontakten wäre häufig angenehm und hilfreich. Swoosch, unsere Javascript-Bibliothek auf Basis der offenen Standards XMPP, HTML5 und WebRTC, bietet hier Abhilfe. Auf einfachste Weise lassen sich so bestehende Webseiten und -anwendungen transparent um Funktionen für Instant Messaging inklusive Videokonferenz erweitern und neue Beratungs- und Kommunikationskanäle eröffnen, bei denen die Privatsphäre durch Ende-zu-Ende-Verschlüsselung gesichert ist. Die Erfahrungen in den Testinstallationen zeigten nahtlose Integration, niedrige Eintrittsschwelle, Geschwindigkeit und Benutzerfreundlichkeit. Durch die inhärente Föderation von XMPP ist der Dienst auch über die Organisationsgrenzen hinaus einsetzbar. Dank seiner offenen Standards ist Swoosch beinahe beliebig integrier- und erweiterbar.},
keywords = {Collaboration, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP},
pubstate = {published},
tppubtype = {techreport}
}
Homepages von Forschern, Informationsseiten der Verwaltung, Support- und Beratungsseiten, Webmail oder sonstige Groupware begleiten uns bei der täglichen Arbeit im akademischen Umfeld. Unmittelbare Rückfragen zu den Inhalten oder Interaktionen sind jedoch weiterhin nicht möglich; eine Integration von Direktkontakten wäre häufig angenehm und hilfreich. Swoosch, unsere Javascript-Bibliothek auf Basis der offenen Standards XMPP, HTML5 und WebRTC, bietet hier Abhilfe. Auf einfachste Weise lassen sich so bestehende Webseiten und -anwendungen transparent um Funktionen für Instant Messaging inklusive Videokonferenz erweitern und neue Beratungs- und Kommunikationskanäle eröffnen, bei denen die Privatsphäre durch Ende-zu-Ende-Verschlüsselung gesichert ist. Die Erfahrungen in den Testinstallationen zeigten nahtlose Integration, niedrige Eintrittsschwelle, Geschwindigkeit und Benutzerfreundlichkeit. Durch die inhärente Föderation von XMPP ist der Dienst auch über die Organisationsgrenzen hinaus einsetzbar. Dank seiner offenen Standards ist Swoosch beinahe beliebig integrier- und erweiterbar.
Marcel Waldvogel; Jürgen Kollek
SIEGE: Service-Independent Enterprise-GradE protection against password scans Technical Report
University of Konstanz no. KN-2014-DiSy-001, 2014.
Abstract | BibTeX | Tags: Denial of Service, Intrusion Detection, Peer-to-Peer, Security, Trust | Links:
@techreport{waldvogel4siege,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
url = {https://netfuture.ch/wp-content/uploads/2014/01/waldvogel14siege.pdf},
year = {2014},
date = {2014-01-17},
urldate = {1000-01-01},
number = {KN-2014-DiSy-001},
institution = {University of Konstanz},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of bot- nets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.},
keywords = {Denial of Service, Intrusion Detection, Peer-to-Peer, Security, Trust},
pubstate = {published},
tppubtype = {techreport}
}
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of bot- nets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.
2013
Sebastian Graf; Andreas Rain; Daniel Scharon; Marcel Waldvogel
Utilizing Cloud Storages for iSCSI: Is Security really expensive? Technical Report
University of Konstanz, Distributed Systems Laboratory no. KN-2013-DiSy-01, 2013.
Abstract | BibTeX | Tags: Cloud Storage, Security | Links:
@techreport{Graf2013iSCSI,
title = {Utilizing Cloud Storages for iSCSI: Is Security really expensive?},
author = {Sebastian Graf and Andreas Rain and Daniel Scharon and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2013/08/graf13isci.pdf},
year = {2013},
date = {2013-03-03},
urldate = {1000-01-01},
number = {KN-2013-DiSy-01},
institution = {University of Konstanz, Distributed Systems Laboratory},
abstract = {Cloud storage promises unlimited, flexible and cheap storages, including all-time availability and accessibility with the help of various technologies. Free-of-charge offers for endusers allure customers the same way as professional, pay-as-you-go storages do. The delocalization of the data provokes security concerns especially regarding the confidentiality of the data. Even though encryption offers a straight-forward solution to this problem, the performance questions its applicability when it comes to the utilization of professional storage-approaches like iSCSI. In this white-paper, we propose a utilization of NoSQL-based cloud-storages like Amazon S3 or Microsoft Azure for iSCSI. We evaluate the costs of a direct, bucket-based encryption and show, that in complex systems like iSCSI, the distance to the cloud represents the bottleneck instead of the encryption. Performance-boosting techniques like prefetching and caching improve the access and result in no practical overhead within such an utilization. Based on our own developed fully Java-based iSCSI target (jSCSI) and jClouds, our prototype represents, to the best of our knowledge, the first, free available, cloud-deployable iSCSI.},
keywords = {Cloud Storage, Security},
pubstate = {published},
tppubtype = {techreport}
}
Cloud storage promises unlimited, flexible and cheap storages, including all-time availability and accessibility with the help of various technologies. Free-of-charge offers for endusers allure customers the same way as professional, pay-as-you-go storages do. The delocalization of the data provokes security concerns especially regarding the confidentiality of the data. Even though encryption offers a straight-forward solution to this problem, the performance questions its applicability when it comes to the utilization of professional storage-approaches like iSCSI. In this white-paper, we propose a utilization of NoSQL-based cloud-storages like Amazon S3 or Microsoft Azure for iSCSI. We evaluate the costs of a direct, bucket-based encryption and show, that in complex systems like iSCSI, the distance to the cloud represents the bottleneck instead of the encryption. Performance-boosting techniques like prefetching and caching improve the access and result in no practical overhead within such an utilization. Based on our own developed fully Java-based iSCSI target (jSCSI) and jClouds, our prototype represents, to the best of our knowledge, the first, free available, cloud-deployable iSCSI.
2012
Sebastian Graf; Patrick Lang; Stefan A. Hohenadel; Marcel Waldvogel
Versatile Key Management for Secure Cloud Storage Proceedings Article
In: IEEE 31st Symposium on Reliable Distributed Systems, SRDS 2012, pp. 469-474, 2012.
BibTeX | Tags: Cloud Storage, Security | Links:
@inproceedings{Graf2012Versatile,
title = {Versatile Key Management for Secure Cloud Storage},
author = {Sebastian Graf and Patrick Lang and Stefan A. Hohenadel and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2012/graf12versatile.pdf},
year = {2012},
date = {2012-10-08},
urldate = {1000-01-01},
booktitle = {IEEE 31st Symposium on Reliable Distributed Systems, SRDS 2012},
pages = {469-474},
crossref = {DBLP:conf/srds/2012},
keywords = {Cloud Storage, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Thomas Zink; Marcel Waldvogel
BitTorrent traffic obfuscation: A chase towards semantic traffic identification Proceedings Article
In: 12th IEEE International Conference on Peer-to-Peer Computing, P2P 2012, pp. 126-137, 2012.
Abstract | BibTeX | Tags: Denial of Service, Peer-to-Peer, Security, Traffic Engineering | Links:
@inproceedings{Zink2012BitTorrent,
title = {BitTorrent traffic obfuscation: A chase towards semantic traffic identification},
author = {Thomas Zink and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2012/zink12bittorrent.pdf},
year = {2012},
date = {2012-09-03},
urldate = {1000-01-01},
booktitle = {12th IEEE International Conference on Peer-to-Peer Computing, P2P 2012},
pages = {126-137},
crossref = {DBLP:conf/p2p/2012},
abstract = {With the beginning of the 21st century emerging peer-to-peer networks ushered in a new era of large scale media exchange. Faced with ever increasing volumes of traffic, legal threats by copyright holders, and QoS demands of customers, network service providers are urged to apply traffic classification and shaping techniques. These systems usually are highly integrated to satisfy the harsh restrictions present in network infrastructure. They require constant maintenance and updates. Additionally, they have legal issues and violate both the net neutrality and end-to-end principles. On the other hand, clients see their freedom and privacy attacked. As a result, users, application programmers, and even commercial service providers laboriously strive to hide their interests and circumvent classification techniques. In this user vs. ISP war, the user side has a clear edge. While changing the network infrastructure is by nature very complex, and only slowly reacts to new conditions, updating and distributing software between users is easy and practically instantaneous. In this paper we discuss how state-of-the-art traffic classification systems can be circumvented with little effort. We present a new obfuscation extension to the BitTorrent protocol that allows signature free handshaking. The extension requires no changes to the infrastructure and is fully backwards compatible. With only little change to client software, contemporary classification techniques are rendered ineffective. We argue that future traffic classification must not rely on restricted local syntax information but instead must exploit global communication patterns and protocol semantics in order to be able to keep pace with rapid application and protocol changes.},
keywords = {Denial of Service, Peer-to-Peer, Security, Traffic Engineering},
pubstate = {published},
tppubtype = {inproceedings}
}
With the beginning of the 21st century emerging peer-to-peer networks ushered in a new era of large scale media exchange. Faced with ever increasing volumes of traffic, legal threats by copyright holders, and QoS demands of customers, network service providers are urged to apply traffic classification and shaping techniques. These systems usually are highly integrated to satisfy the harsh restrictions present in network infrastructure. They require constant maintenance and updates. Additionally, they have legal issues and violate both the net neutrality and end-to-end principles. On the other hand, clients see their freedom and privacy attacked. As a result, users, application programmers, and even commercial service providers laboriously strive to hide their interests and circumvent classification techniques. In this user vs. ISP war, the user side has a clear edge. While changing the network infrastructure is by nature very complex, and only slowly reacts to new conditions, updating and distributing software between users is easy and practically instantaneous. In this paper we discuss how state-of-the-art traffic classification systems can be circumvented with little effort. We present a new obfuscation extension to the BitTorrent protocol that allows signature free handshaking. The extension requires no changes to the infrastructure and is fully backwards compatible. With only little change to client software, contemporary classification techniques are rendered ineffective. We argue that future traffic classification must not rely on restricted local syntax information but instead must exploit global communication patterns and protocol semantics in order to be able to keep pace with rapid application and protocol changes.
Sebastian Graf; Jörg Eisele; Marcel Waldvogel; Marc Strittmatter
A Legal and Technical Perspective on Secure Cloud Storage Proceedings Article
In: 5. DFN-Forum Kommunikationstechnologien: Verteilte Systeme im Wissenschaftsbereich, pp. 63-72, 2012.
Abstract | BibTeX | Tags: Cloud Storage, Security | Links:
@inproceedings{Graf2012Legal,
title = {A Legal and Technical Perspective on Secure Cloud Storage},
author = {Sebastian Graf and Jörg Eisele and Marcel Waldvogel and Marc Strittmatter},
url = {https://netfuture.ch/wp-content/uploads/2012/graf12legal.pdf},
year = {2012},
date = {2012-05-20},
urldate = {1000-01-01},
booktitle = {5. DFN-Forum Kommunikationstechnologien: Verteilte Systeme im Wissenschaftsbereich},
pages = {63-72},
crossref = {DBLP:conf/dfn/2012},
abstract = {Cloud infrastructures are nowadays an irreplaceable component within modern IT-infrastructures.
Due to their representing abstraction regarding the physical execution framework from the deployment of the service, clouds not offer valuable attributes like scalability, environmental protection by best utilization of hardware resources, pay-as-you-go billing but also problem fields especially when it comes to the storage of confidential data. More concise, secure utilization of common cloud infrastructures like provided by Google, Microsoft or Amazon generate not only an indistinguishable impact to computer science but also to law science. As a consequence, based upon the confidentially of the data and the different methods and parties able to access this information, the safeness of the data must not only be provided by applying technical security measures upon the cloud-stored information but also by the investigation of legal issues going along with the flexibility of the cloud. To fill this gap, our contribution bases upon two pillars:<ul><li>We discuss legal issues going along with the storage of (especially confidential) data on cloud infrastructures provided by third parties.</li><li>Besides the legal issues, we further investigate technical measures how to ensure secure data storage on a technical level utilizing the benefits of cloud infrastructures (namely the scalability and availability).</li></ul>Based upon these investigations, we propose a technical model for secure cloud storage and interpret the measures against common aspects from the area of jurisprudence. Besides, we show that the area of jurisprudence still offers many open issues related to cloud based storage which represent a challenge for end-users as well as complex institutions like universities.},
keywords = {Cloud Storage, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Cloud infrastructures are nowadays an irreplaceable component within modern IT-infrastructures.
Due to their representing abstraction regarding the physical execution framework from the deployment of the service, clouds not offer valuable attributes like scalability, environmental protection by best utilization of hardware resources, pay-as-you-go billing but also problem fields especially when it comes to the storage of confidential data. More concise, secure utilization of common cloud infrastructures like provided by Google, Microsoft or Amazon generate not only an indistinguishable impact to computer science but also to law science. As a consequence, based upon the confidentially of the data and the different methods and parties able to access this information, the safeness of the data must not only be provided by applying technical security measures upon the cloud-stored information but also by the investigation of legal issues going along with the flexibility of the cloud. To fill this gap, our contribution bases upon two pillars:
Due to their representing abstraction regarding the physical execution framework from the deployment of the service, clouds not offer valuable attributes like scalability, environmental protection by best utilization of hardware resources, pay-as-you-go billing but also problem fields especially when it comes to the storage of confidential data. More concise, secure utilization of common cloud infrastructures like provided by Google, Microsoft or Amazon generate not only an indistinguishable impact to computer science but also to law science. As a consequence, based upon the confidentially of the data and the different methods and parties able to access this information, the safeness of the data must not only be provided by applying technical security measures upon the cloud-stored information but also by the investigation of legal issues going along with the flexibility of the cloud. To fill this gap, our contribution bases upon two pillars:
- We discuss legal issues going along with the storage of (especially confidential) data on cloud infrastructures provided by third parties.
- Besides the legal issues, we further investigate technical measures how to ensure secure data storage on a technical level utilizing the benefits of cloud infrastructures (namely the scalability and availability).
Michael Simon; Marcel Waldvogel; Sven Schober; Saher Semaan; Martin Nussbaumer
bwIDM: Föderieren auch nicht-webbasierter Dienste auf Basis von SAML Proceedings Article
In: 5. DFN-Forum Kommunikationstechnologien: Verteilte Systeme im Wissenschaftsbereich, pp. 119-128, 2012.
Abstract | BibTeX | Tags: Cloud Storage, Identity Management, Security | Links:
@inproceedings{Simon2012bwIDM,
title = {bwIDM: Föderieren auch nicht-webbasierter Dienste auf Basis von SAML},
author = {Michael Simon and Marcel Waldvogel and Sven Schober and Saher Semaan and Martin Nussbaumer},
url = {https://netfuture.ch/wp-content/uploads/2012/simon12bwidm.pdf},
year = {2012},
date = {2012-05-20},
urldate = {1000-01-01},
booktitle = {5. DFN-Forum Kommunikationstechnologien: Verteilte Systeme im Wissenschaftsbereich},
pages = {119-128},
crossref = {DBLP:conf/dfn/2012},
abstract = {Zur organisationsübergreifenden Nutzung von IT-Diensten werden Dienstföderationen gebildet. Dabei kann das Nutzerkonto der sogenannten Heimateinrichtung auch zum Zugriff auf nicht-lokale Dienste genutzt werden. Während die Integration webbasierter Dienste in Föderationen mit SAML und beispielsweise Shibboleth mittlerweile in vielen Anwendungsbereichen allgegenwärtig ist, fällt die Integration nicht-webbasierter IT-Dienste schwer. Existierende Ansätze, mit denen sich prinzipiell auch nicht-webbasierte Dienste integrieren lassen, erfüllen essentielle Anforderungen nicht und/oder sind nach ihrem heutigen Entwicklungsstand noch nicht betriebsfähig. In diesem Papier werden zwei Verfahren für nicht-webbasierte, föderative Dienstzugriffe (Moonshot und PAM/ECP) evaluiert und notwendige Erweiterungen zur Sicherstellung der Betriebsfa ̈higkeit vorgestellt. Ein implementierter Proof-of-Concept zeigt die Umsetzbarkeit der Lösung.},
keywords = {Cloud Storage, Identity Management, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Zur organisationsübergreifenden Nutzung von IT-Diensten werden Dienstföderationen gebildet. Dabei kann das Nutzerkonto der sogenannten Heimateinrichtung auch zum Zugriff auf nicht-lokale Dienste genutzt werden. Während die Integration webbasierter Dienste in Föderationen mit SAML und beispielsweise Shibboleth mittlerweile in vielen Anwendungsbereichen allgegenwärtig ist, fällt die Integration nicht-webbasierter IT-Dienste schwer. Existierende Ansätze, mit denen sich prinzipiell auch nicht-webbasierte Dienste integrieren lassen, erfüllen essentielle Anforderungen nicht und/oder sind nach ihrem heutigen Entwicklungsstand noch nicht betriebsfähig. In diesem Papier werden zwei Verfahren für nicht-webbasierte, föderative Dienstzugriffe (Moonshot und PAM/ECP) evaluiert und notwendige Erweiterungen zur Sicherstellung der Betriebsfa ̈higkeit vorgestellt. Ein implementierter Proof-of-Concept zeigt die Umsetzbarkeit der Lösung.
Thomas Zink; Marcel Waldvogel
Efficient BitTorrent handshake obfuscation Proceedings Article
In: Proceedings of the First Workshop on P2P and Dependability, ACM, 2012, ISBN: 978-1-4503-1148-9.
Abstract | BibTeX | Tags: Peer-to-Peer, Privacy, Security, Traffic Engineering | Links:
@inproceedings{Zink2012Efficient,
title = {Efficient BitTorrent handshake obfuscation},
author = {Thomas Zink and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2015/02/zink2012efficient.pdf},
isbn = {978-1-4503-1148-9},
year = {2012},
date = {2012-05-08},
urldate = {1000-01-01},
booktitle = {Proceedings of the First Workshop on P2P and Dependability},
publisher = {ACM},
abstract = {During the last decade, large scale media distribution populated peer-to-peer applications. Faced with ever increasing volumes of traffic, legal threats by copyright holders, and QoS demands of customers, network service providers are urged to apply traffic classification and shaping techniques. These highly integrated systems require constant maintenance, introduce legal issues, and violate both the net neutrality and end-to-end principles.
Clients see their freedom and privacy attacked. Users, application programmers, and even commercial service providers laboriously strive to hide their interests and circumvent classification techniques. While changing the network infrastructure is by nature very complex, and it reacts only slowly to new conditions, updating and distributing software between users is easy and practically instantaneous.
We present a new obfuscation extension to the BitTorrent protocol, which allows signature free handshaking. The extension requires no changes to the infrastructure and is fully backwards compatible. With only little change to client software, contemporary classification techniques can be rendered ineffective.},
keywords = {Peer-to-Peer, Privacy, Security, Traffic Engineering},
pubstate = {published},
tppubtype = {inproceedings}
}
During the last decade, large scale media distribution populated peer-to-peer applications. Faced with ever increasing volumes of traffic, legal threats by copyright holders, and QoS demands of customers, network service providers are urged to apply traffic classification and shaping techniques. These highly integrated systems require constant maintenance, introduce legal issues, and violate both the net neutrality and end-to-end principles.
Clients see their freedom and privacy attacked. Users, application programmers, and even commercial service providers laboriously strive to hide their interests and circumvent classification techniques. While changing the network infrastructure is by nature very complex, and it reacts only slowly to new conditions, updating and distributing software between users is easy and practically instantaneous.
We present a new obfuscation extension to the BitTorrent protocol, which allows signature free handshaking. The extension requires no changes to the infrastructure and is fully backwards compatible. With only little change to client software, contemporary classification techniques can be rendered ineffective.
Clients see their freedom and privacy attacked. Users, application programmers, and even commercial service providers laboriously strive to hide their interests and circumvent classification techniques. While changing the network infrastructure is by nature very complex, and it reacts only slowly to new conditions, updating and distributing software between users is easy and practically instantaneous.
We present a new obfuscation extension to the BitTorrent protocol, which allows signature free handshaking. The extension requires no changes to the infrastructure and is fully backwards compatible. With only little change to client software, contemporary classification techniques can be rendered ineffective.
2011
Pascal Gienger; Marcel Waldvogel
Polybius: Secure Web Single-Sign-On for Legacy Applications Proceedings Article
In: 4. DFN-Forum Kommunikationstechnologien, 2011.
Abstract | BibTeX | Tags: Cloud Storage, Identity Management, Security, Trust, Web Applications | Links:
@inproceedings{Gienger2011Polybius,
title = {Polybius: Secure Web Single-Sign-On for Legacy Applications},
author = {Pascal Gienger and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2011/gienger11polybius.pdf},
year = {2011},
date = {2011-06-20},
urldate = {1000-01-01},
booktitle = {4. DFN-Forum Kommunikationstechnologien},
abstract = {Web-based interfaces to applications in all domains of university life are surging. Given the diverse demands in and the histories of universities, combined with the rapid IT industry developments, all attempts at a sole all-encompassing platform for single-sign-on (SSO) will remain futile. In this paper, we present an architecture for a meta-SSO, which is able to seamlessly integrate with a wide variety of existing local sign-in and SSO mechanisms. It is therefore an excellent candidate for a university-wide all-purpose SSO system. Among the highlights are: No passwords are ever stored on disk, neither in the browser nor in the gateway; its basics have been implemented in a simple, yet versatile Apache module; and it can help reducing the impact of security problems anywhere in the system. It could even form the basis for secure inter-university collaborations and mutual outsourcing.},
keywords = {Cloud Storage, Identity Management, Security, Trust, Web Applications},
pubstate = {published},
tppubtype = {inproceedings}
}
Web-based interfaces to applications in all domains of university life are surging. Given the diverse demands in and the histories of universities, combined with the rapid IT industry developments, all attempts at a sole all-encompassing platform for single-sign-on (SSO) will remain futile. In this paper, we present an architecture for a meta-SSO, which is able to seamlessly integrate with a wide variety of existing local sign-in and SSO mechanisms. It is therefore an excellent candidate for a university-wide all-purpose SSO system. Among the highlights are: No passwords are ever stored on disk, neither in the browser nor in the gateway; its basics have been implemented in a simple, yet versatile Apache module; and it can help reducing the impact of security problems anywhere in the system. It could even form the basis for secure inter-university collaborations and mutual outsourcing.
Sebastian Graf; Vyacheslav Zholudev; Lukas Lewandowski; Marcel Waldvogel
Hecate: Managing Authorization with RESTful XML Proceedings Article
In: Proceedings of WS-REST 2011, 2011.
Abstract | BibTeX | Tags: Identity Management, Security, XML | Links:
@inproceedings{Graf2011Hecate,
title = {Hecate: Managing Authorization with RESTful XML},
author = {Sebastian Graf and Vyacheslav Zholudev and Lukas Lewandowski and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2011/graf11hecate.pdf},
year = {2011},
date = {2011-03-28},
urldate = {1000-01-01},
booktitle = {Proceedings of WS-REST 2011},
abstract = {The potentials of REST offers new ways for communications between louse coupled entities featured through the Web of Things. The binding of the disjunct components of this architecture creates security issues, such as the centralized authorization techniques respecting the independence of the underlying entities. This results in the question how authorization is performed respecting the flexibility of REST without any knowledge about the underlying resources. Nevertheless, possible knowledge about these resources should enable the authorization workflow to offer finer-granular permissions on substructures of the resources. With our new approach - named Hecate - we offer a framework to assure simplified handling while keeping the potentials and flexibility of REST. We have designed an architecture based on XML with a flexible authorization mechanism on the one hand and optional resource-awareness on the other hand. The flexibility within the authorization work-flow bases on permission sets respecting the HTTP verbs. Additional in-depth knowledge of the entity optionally extends these permissions with resource-aware filters. Hecate offers not only great benefits because of its flexibility, but also because of the optional extensibility proved within the two reference implementations. With Hecate, we show that a centralized authorization mechanism combining independence and optional resource-based filtering extends the flexibility of REST rather than restricting it.},
keywords = {Identity Management, Security, XML},
pubstate = {published},
tppubtype = {inproceedings}
}
The potentials of REST offers new ways for communications between louse coupled entities featured through the Web of Things. The binding of the disjunct components of this architecture creates security issues, such as the centralized authorization techniques respecting the independence of the underlying entities. This results in the question how authorization is performed respecting the flexibility of REST without any knowledge about the underlying resources. Nevertheless, possible knowledge about these resources should enable the authorization workflow to offer finer-granular permissions on substructures of the resources. With our new approach – named Hecate – we offer a framework to assure simplified handling while keeping the potentials and flexibility of REST. We have designed an architecture based on XML with a flexible authorization mechanism on the one hand and optional resource-awareness on the other hand. The flexibility within the authorization work-flow bases on permission sets respecting the HTTP verbs. Additional in-depth knowledge of the entity optionally extends these permissions with resource-aware filters. Hecate offers not only great benefits because of its flexibility, but also because of the optional extensibility proved within the two reference implementations. With Hecate, we show that a centralized authorization mechanism combining independence and optional resource-based filtering extends the flexibility of REST rather than restricting it.
2010
Sebastian Graf; Lukas Lewandowski; Marcel Waldvogel
Integrity Assurance for RESTful XML Proceedings Article
In: Proceedings of WISM 2010, 2010.
Abstract | BibTeX | Tags: Security, XML | Links:
@inproceedings{Graf2010Integrity,
title = {Integrity Assurance for RESTful XML},
author = {Sebastian Graf and Lukas Lewandowski and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2010/graf10integrity.pdf},
year = {2010},
date = {2010-11-04},
urldate = {1000-01-01},
booktitle = {Proceedings of WISM 2010},
abstract = {The REpresentational State Transfer (REST) represents an extensible, easy and elegant architecture for accessing web-based resources. REST alone and in combination with XML is fast gaining momentum in a diverse set of web applications. REST is stateless, as is HTTP on which it is built. For many applications, this not enough, especially in the context of concurrent access and the increasing need for auditing and accountability. We present a lightweight mechanism which allows the application to control the integrity of the underlying resources in a simple, yet flexible manner. Based on an opportunistic locking approach, we show in this paper that XML does not only act as an extensible and direct accessible backend that ensures easy modifications due to the allocation of nodes, but also gives scalable possibilities to perform on-the-fly integrity verification based on the tree structure.},
keywords = {Security, XML},
pubstate = {published},
tppubtype = {inproceedings}
}
The REpresentational State Transfer (REST) represents an extensible, easy and elegant architecture for accessing web-based resources. REST alone and in combination with XML is fast gaining momentum in a diverse set of web applications. REST is stateless, as is HTTP on which it is built. For many applications, this not enough, especially in the context of concurrent access and the increasing need for auditing and accountability. We present a lightweight mechanism which allows the application to control the integrity of the underlying resources in a simple, yet flexible manner. Based on an opportunistic locking approach, we show in this paper that XML does not only act as an extensible and direct accessible backend that ensures easy modifications due to the allocation of nodes, but also gives scalable possibilities to perform on-the-fly integrity verification based on the tree structure.
Thomas Zink; Marcel Waldvogel
Analysis and Efficient Classification of P2P File Sharing Traffic Technical Report
University of Konstanz Konstanz, Germany, no. KN-2010-DISY-02, 2010.
Abstract | BibTeX | Tags: Peer-to-Peer, Security, Traffic Engineering | Links:
@techreport{Zink2010Analysis,
title = {Analysis and Efficient Classification of P2P File Sharing Traffic},
author = {Thomas Zink and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2015/02/zink2010analysis.pdf},
year = {2010},
date = {2010-10-01},
urldate = {1000-01-01},
number = {KN-2010-DISY-02},
address = {Konstanz, Germany},
institution = {University of Konstanz},
abstract = {Since the advent of P2P networks they have grown to be the biggest source of internet traffic, superseding HTTP and FTP. For service providers P2P traffic results in increased costs for both infrastructure and transportation. Interest is high to reliably identify the type of service to ensure quality of service. In this document we analyze P2P network architectures and give an overview of existing identification mechanisms. In addition we devise a simple identification scheme suitable for implementation in resources restricted environments with limited computational power and memory. The scheme is based on behavior analysis and as such is not prone to traffic obfuscation techniques.},
keywords = {Peer-to-Peer, Security, Traffic Engineering},
pubstate = {published},
tppubtype = {techreport}
}
Since the advent of P2P networks they have grown to be the biggest source of internet traffic, superseding HTTP and FTP. For service providers P2P traffic results in increased costs for both infrastructure and transportation. Interest is high to reliably identify the type of service to ensure quality of service. In this document we analyze P2P network architectures and give an overview of existing identification mechanisms. In addition we devise a simple identification scheme suitable for implementation in resources restricted environments with limited computational power and memory. The scheme is based on behavior analysis and as such is not prone to traffic obfuscation techniques.
Sebastian Kay Belle; Oliver Haase; Marcel Waldvogel
CallForge: Call Anonymity in Cellular Networks Technical Report
University of Konstanz 2010.
Abstract | BibTeX | Tags: Mobile Networks, Privacy, Security | Links:
@techreport{Belle2010CallForge,
title = {CallForge: Call Anonymity in Cellular Networks},
author = {Sebastian Kay Belle and Oliver Haase and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2010/belle10callforge.pdf},
year = {2010},
date = {2010-05-19},
urldate = {1000-01-01},
booktitle = {PERVASIVE 2008 Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use (SPMU 2008)},
institution = {University of Konstanz},
abstract = {In cellular networks, the locations of all subscribers are continously tracked even when they only passively carry their mobile devices with them. This privacy sensitive data can be an invaluable source of information, not only for benevolent parties. We therefore present CallForge, the concept of a location management scheme that preserves the subscribers' anonymity -- in many cases even while they participate in a phone call -- as well as a theoretical analysis of the approach. CallForge improves on PathForge, a previously presented location management scheme, and as such is based on ID switching that we have combined with the emulation of a media break within a single call set-up procedure. We have analyzed and compared the anonymity of PathForge and CallForges, and shown that CallForge consistently provides superior anonymity. CallForge can be implemented entirely in the end device and run on existing network infrastructure without any modifications.},
keywords = {Mobile Networks, Privacy, Security},
pubstate = {published},
tppubtype = {techreport}
}
In cellular networks, the locations of all subscribers are continously tracked even when they only passively carry their mobile devices with them. This privacy sensitive data can be an invaluable source of information, not only for benevolent parties. We therefore present CallForge, the concept of a location management scheme that preserves the subscribers’ anonymity — in many cases even while they participate in a phone call — as well as a theoretical analysis of the approach. CallForge improves on PathForge, a previously presented location management scheme, and as such is based on ID switching that we have combined with the emulation of a media break within a single call set-up procedure. We have analyzed and compared the anonymity of PathForge and CallForges, and shown that CallForge consistently provides superior anonymity. CallForge can be implemented entirely in the end device and run on existing network infrastructure without any modifications.
2009
Sebastian Kay Belle; Marcel Waldvogel
PathForge: Faithful Anonymization of Movement Data Proceedings Article
In: Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds (MobiHeld ’09), pp. 63-64, 2009.
Abstract | BibTeX | Tags: Mobile Networks, Privacy, Security | Links:
@inproceedings{Belle2009PathForge,
title = {PathForge: Faithful Anonymization of Movement Data},
author = {Sebastian Kay Belle and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2009/belle09pathforge.pdf},
year = {2009},
date = {2009-08-17},
urldate = {1000-01-01},
booktitle = {Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds (MobiHeld '09)},
pages = {63-64},
abstract = {For most mobile networks, providers need the current position of their users to provide efficient service. The resulting motion data is not only an invaluable source for analyzing traffic or flow patterns, but also for tracking an individual's whereabouts, even without their knowledge. Today, many carry at least one mobile networked device with them wherever they go, day and night. The resulting motion data can be used to reveal the most intimate details of our lives, making this information extremely privacy sensitive. In this paper, we present PathForge, a lightweight solution, which not only fulfills the provider's efficiency requirement, but continues to allow flow pattern analysis, yet provides full privacy for users when not actively involved in a call.},
keywords = {Mobile Networks, Privacy, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
For most mobile networks, providers need the current position of their users to provide efficient service. The resulting motion data is not only an invaluable source for analyzing traffic or flow patterns, but also for tracking an individual’s whereabouts, even without their knowledge. Today, many carry at least one mobile networked device with them wherever they go, day and night. The resulting motion data can be used to reveal the most intimate details of our lives, making this information extremely privacy sensitive. In this paper, we present PathForge, a lightweight solution, which not only fulfills the provider’s efficiency requirement, but continues to allow flow pattern analysis, yet provides full privacy for users when not actively involved in a call.
Florian Mansmann; Fabian Fischer; Daniel A. Keim; Stephan Pietzko; Marcel Waldvogel
Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks Proceedings Article
In: DFN-Forum Kommunikationstechnologie, Garching (Munich), Germany, 2009.
Abstract | BibTeX | Tags: Intrusion Detection, Security | Links:
@inproceedings{Mansmann2009Interactive,
title = {Interactive Analysis of NetFlows for Misuse Detection in Large IP Networks},
author = {Florian Mansmann and Fabian Fischer and Daniel A. Keim and Stephan Pietzko and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2009/mansmann09interactive.pdf},
year = {2009},
date = {2009-05-01},
urldate = {1000-01-01},
booktitle = {DFN-Forum Kommunikationstechnologie},
address = {Garching (Munich), Germany},
abstract = {While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatie intrusion detection methods can detcct a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to preseot the visual analysis system NFlowVis to interactively detcct unwanted usage of the network infrastructure either by pivoting NetFlows using IOS alerts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of Netflows by means of a database management system.},
keywords = {Intrusion Detection, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatie intrusion detection methods can detcct a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of large amounts of alerts imposes new challenges on the analysts. The goal of this paper is to preseot the visual analysis system NFlowVis to interactively detcct unwanted usage of the network infrastructure either by pivoting NetFlows using IOS alerts or by specifying usage patterns, such as sets of suspicious port numbers. Thereby, our work focuses on providing a scalable approach to store and retrieve large quantities of Netflows by means of a database management system.
2008
Fabian Fischer; Florian Mansmann; Daniel A. Keim; Stephan Pietzko; Marcel Waldvogel
Large-scale Network Monitoring for Visual Analysis of Attacks Proceedings Article
In: 5th International Workshop on Visualization for Cyber Security (VizSEC 2008), Cambridge, MA, USA, 2008.
Abstract | BibTeX | Tags: Intrusion Detection, Security | Links:
@inproceedings{Fischer2008Large-scale,
title = {Large-scale Network Monitoring for Visual Analysis of Attacks},
author = {Fabian Fischer and Florian Mansmann and Daniel A. Keim and Stephan Pietzko and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2008/fischer08large-scale.pdf},
year = {2008},
date = {2008-08-15},
urldate = {1000-01-01},
booktitle = {5th International Workshop on Visualization for Cyber Security (VizSEC 2008)},
address = {Cambridge, MA, USA},
abstract = {The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an important field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.},
keywords = {Intrusion Detection, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
The importance of the Internet and our dependency on computer networks are steadily growing, which results in high costs and substantial consequences in case of successful intrusions, stolen data, and interrupted services. At the same time, a trend towards massive attacks against the network infrastructure is noticeable. Therefore, monitoring large networks has become an important field in practice and research. Through monitoring systems, attacks can be detected and analyzed to gain knowledge of how to better protect the network in the future. In the scope of this paper, we present a system to analyze NetFlow data using a relational database system. NetFlow records are linked with alerts from an intrusion detection system to enable efficient exploration of suspicious activity within the monitored network. Within the system, the monitored network is mapped to a TreeMap visualization, the attackers are arranged at the borders and linked using splines parameterized with prefix information. In a series of case studies, we demonstrate how the tool can be used to judge the relevance of alerts, to reveal massive distributed attacks, and to analyze service usage within a network.
Sebastian Kay Belle; Marcel Waldvogel
Consistent Deniable Lying: Privacy in Mobile Social Networks Proceedings Article
In: Pervasive 2008 Workshop on Security and Privacy Issues in Mobile Phone Use (SPMU 2008), Sydney, Australia, 2008.
Abstract | BibTeX | Tags: Opportunistic Networks, Peer-to-Peer, Privacy, Security, Social Networks | Links:
@inproceedings{Belle2008Consistent,
title = {Consistent Deniable Lying: Privacy in Mobile Social Networks},
author = {Sebastian Kay Belle and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2008/belle08consistent.pdf},
year = {2008},
date = {2008-05-19},
urldate = {1000-01-01},
booktitle = {Pervasive 2008 Workshop on Security and Privacy Issues in Mobile Phone Use (SPMU 2008)},
address = {Sydney, Australia},
abstract = {Social networking is moving to mobile phones. This not only means continuous access, but also allows to link virtual and physical neighbourhood in novel ways. To make such systems useful, personal data such as lists of friends and interests need to be shared with more and frequently unknown people, posing a risk to your privacy. In this paper, we present our approach to social networking, Consistent Deniable Lying (CDL). Using easy-to-understand mechanisms and tuned to this environment, it enables you to meet new friends with joint interests while limiting exposure of your private data. Not only can it be generalised to include “friends of friends” (transitivity) into interest search, it allows you to plausibly refute any allegations of your claimed interests. Unlike prior work, we focus on the application to similarity finding and include the novel aspects of transitivity and deniability, which are key to success in social networks.},
keywords = {Opportunistic Networks, Peer-to-Peer, Privacy, Security, Social Networks},
pubstate = {published},
tppubtype = {inproceedings}
}
Social networking is moving to mobile phones. This not only means continuous access, but also allows to link virtual and physical neighbourhood in novel ways. To make such systems useful, personal data such as lists of friends and interests need to be shared with more and frequently unknown people, posing a risk to your privacy. In this paper, we present our approach to social networking, Consistent Deniable Lying (CDL). Using easy-to-understand mechanisms and tuned to this environment, it enables you to meet new friends with joint interests while limiting exposure of your private data. Not only can it be generalised to include “friends of friends” (transitivity) into interest search, it allows you to plausibly refute any allegations of your claimed interests. Unlike prior work, we focus on the application to similarity finding and include the novel aspects of transitivity and deniability, which are key to success in social networks.
2007
Marcel Waldvogel; Tobias Köck
Light-weight End-to-End QoS as DoS Prevention Proceedings Article
In: Proceedings of IEEE LCN 2007, 2007.
Abstract | BibTeX | Tags: Denial of Service, Quality of Service, Security | Links:
@inproceedings{Waldvogel2007Light-weight,
title = {Light-weight End-to-End QoS as DoS Prevention},
author = {Marcel Waldvogel and Tobias Köck},
url = {https://netfuture.ch/wp-content/uploads/2006/waldvogel06light-weight.pdf},
year = {2007},
date = {2007-09-01},
urldate = {1000-01-01},
booktitle = {Proceedings of IEEE LCN 2007},
abstract = {Despite decades of QoS research and many years of DoS defence work, neither group of proponents have been able to get their results included into mainstream Internet service. It seems that demand for either solution exists, but individually, they seem to be just below the cost/ benefit threshold. This paper proposes a first step into a common solution, where combined and extended interests will hopefully allow us to surpass this threshold. While there are still some open issues, we hope to not only pro- pose a basic working mechanism but also provide fresh ideas to start thinking off the beaten path. Our main contribution is to create a lightweight, end-to-end binding between path and service, which is then used as a basis to associate fur- ther attributes and mechanisms to this binding. As a result, both DoS defence and QoS can be achieved with stateless routers and only with prior consent of receiving the end sys- tems, short, achieving several of the IntServ advantages in a DiffServ-style system, i.e., avoiding per-connection state.},
keywords = {Denial of Service, Quality of Service, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Despite decades of QoS research and many years of DoS defence work, neither group of proponents have been able to get their results included into mainstream Internet service. It seems that demand for either solution exists, but individually, they seem to be just below the cost/ benefit threshold. This paper proposes a first step into a common solution, where combined and extended interests will hopefully allow us to surpass this threshold. While there are still some open issues, we hope to not only pro- pose a basic working mechanism but also provide fresh ideas to start thinking off the beaten path. Our main contribution is to create a lightweight, end-to-end binding between path and service, which is then used as a basis to associate fur- ther attributes and mechanisms to this binding. As a result, both DoS defence and QoS can be achieved with stateless routers and only with prior consent of receiving the end sys- tems, short, achieving several of the IntServ advantages in a DiffServ-style system, i.e., avoiding per-connection state.
2006
Marcel Waldvogel; Michael Muncan; Mahak Patidar
Stealth DoS Proceedings Article
In: Proceedings of IEEEslash IST Workshop on Monitoring, Attack Detection, and Mitigation (MonAM 2006), 2006.
Abstract | BibTeX | Tags: Denial of Service, Security | Links:
@inproceedings{Waldvogel2006Stealth,
title = {Stealth DoS},
author = {Marcel Waldvogel and Michael Muncan and Mahak Patidar},
url = {https://netfuture.ch/wp-content/uploads/2006/waldvogel06stealth.pdf},
year = {2006},
date = {2006-09-28},
urldate = {1000-01-01},
booktitle = {Proceedings of IEEEslash IST Workshop on Monitoring, Attack Detection, and Mitigation (MonAM 2006)},
abstract = {Users and providers increasingly disagree on what Denial of Service (DoS) is. For example, an ISP might consider large multimedia downloads an attack to overload its infrastructure or have it pay high interconnection fees. On the other hand, a user will certainly consider selective bandwidth reduction that is used by ISPs as a countermea- sure, as a DoS measure. Given the nature of their business relationship, neither side is likely to openly admit that they are fighting each other. In this paper we attempt to formalise the concept of Stealth DoS, including listing mechanisms that may be used at high speed. We concentrate on mechanisms that might be used in one particular area, voice over IP (VoIP). We start evaluating them under the different aspects, including their cost, political suitability and the likelihood for countermeasures to succeed. We expect that this will give both sides better insight on their options and plea for peace, hopefully in an attempt to avoid and open war.},
keywords = {Denial of Service, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Users and providers increasingly disagree on what Denial of Service (DoS) is. For example, an ISP might consider large multimedia downloads an attack to overload its infrastructure or have it pay high interconnection fees. On the other hand, a user will certainly consider selective bandwidth reduction that is used by ISPs as a countermea- sure, as a DoS measure. Given the nature of their business relationship, neither side is likely to openly admit that they are fighting each other. In this paper we attempt to formalise the concept of Stealth DoS, including listing mechanisms that may be used at high speed. We concentrate on mechanisms that might be used in one particular area, voice over IP (VoIP). We start evaluating them under the different aspects, including their cost, political suitability and the likelihood for countermeasures to succeed. We expect that this will give both sides better insight on their options and plea for peace, hopefully in an attempt to avoid and open war.
2004
Sean Rooney; Christopher J. Giblin; Marcel Waldvogel; Paul T. Hurley
Identifying a Distributed Denial of Service (DDoS) Attack within a Network and Defending Against such an Attack Miscellaneous
International Patent TWI332159, 2004.
Abstract | BibTeX | Tags: Denial of Service, Security | Links:
@misc{Rooney2004Identifying,
title = {Identifying a Distributed Denial of Service (DDoS) Attack within a Network and Defending Against such an Attack},
author = {Sean Rooney and Christopher J. Giblin and Marcel Waldvogel and Paul T. Hurley},
url = {https://netfuture.ch/wp-content/uploads/2017/01/us2006010389a1.pdf},
year = {2004},
date = {2004-04-05},
urldate = {1000-01-01},
abstract = {The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.},
howpublished = {International Patent TWI332159},
keywords = {Denial of Service, Security},
pubstate = {published},
tppubtype = {misc}
}
The invention provides methods, apparatus and systems for detecting distributed denial of service (DDoS) attacks within the Internet by sampling packets at a point or points in Internet backbone connections to determine a packet metric parameter. The packet metric parameter which might comprise the volume of packets received is analysed over selected time intervals with respect to specified geographical locations in which the hosts transmitting the packets are located. The expected behaviour can be employed to identify traffic distortions revealing a DDoS attack. In a complementary aspect, the invention provides a method of authenticating packets at routers in order to elevate the QoS of authenticated packets. This method can be used to block or filter packets and can be used in conjunction with the DDoS attack detection system to defend against DDoS attacks within the Internet in a distributed manner.
2003
Andreas Kind; Roman Pletka; Marcel Waldvogel
The Role of Network Processors in Active Networks Proceedings Article
In: Proceedings of IWAN 2003, pp. 18-29, Kyoto, Japan, 2003.
Abstract | BibTeX | Tags: Active Networks, Network Processors, Quality of Service, Security | Links:
@inproceedings{Kind2003Role,
title = {The Role of Network Processors in Active Networks},
author = {Andreas Kind and Roman Pletka and Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2003/kind03role.pdf},
year = {2003},
date = {2003-12-01},
urldate = {1000-01-01},
booktitle = {Proceedings of IWAN 2003},
pages = {18-29},
address = {Kyoto, Japan},
abstract = {Network processors (NPs) implement a balance between hardware and software that addresses the demand of performance and programmability in active networks (AN). We argue that this makes them an important player in the implementation and deployment of ANs. Besides a general introduction into the relationship of NPs and ANs, we describe the power of this combination in a framework for secure and safe capsule-based active code. We also describe the advantages of offloading AN control point functionality into the NP and how to execute active code in the data path efficiently. Furthermore, the paper reports on experiences about implementing active networking concepts on the IBM PowerNP network processor. },
keywords = {Active Networks, Network Processors, Quality of Service, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Network processors (NPs) implement a balance between hardware and software that addresses the demand of performance and programmability in active networks (AN). We argue that this makes them an important player in the implementation and deployment of ANs. Besides a general introduction into the relationship of NPs and ANs, we describe the power of this combination in a framework for secure and safe capsule-based active code. We also describe the advantages of offloading AN control point functionality into the NP and how to execute active code in the data path efficiently. Furthermore, the paper reports on experiences about implementing active networking concepts on the IBM PowerNP network processor.
Ramaprabhu Janakiraman; Marcel Waldvogel; Qi Zhang
Indra: A Peer-to-Peer Approach to Network Intrusion Detection and Prevention Proceedings Article
In: Proceedings of IEEE WETICE 2003, Linz, Austria, 2003.
Abstract | BibTeX | Tags: Denial of Service, Security, Trust | Links:
@inproceedings{Janakiraman2003Indra,
title = {Indra: A Peer-to-Peer Approach to Network Intrusion Detection and Prevention},
author = {Ramaprabhu Janakiraman and Marcel Waldvogel and Qi Zhang},
url = {https://netfuture.ch/wp-content/uploads/2003/janakiraman03indra.pdf},
year = {2003},
date = {2003-01-01},
urldate = {1000-01-01},
booktitle = {Proceedings of IEEE WETICE 2003},
address = {Linz, Austria},
abstract = {While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed. We propose Indra---a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable way.},
keywords = {Denial of Service, Security, Trust},
pubstate = {published},
tppubtype = {inproceedings}
}
While the spread of the Internet has made the network ubiquitous, it has also rendered networked systems vulnerable to malicious attacks orchestrated from anywhere. These attacks or intrusions typically start with attackers infiltrating a network through a vulnerable host and then launching further attacks on the local network or Intranet. Attackers rely on increasingly sophisticated techniques like using distributed attack sources and obfuscating their network addresses. On the other hand, software that guards against them remains rooted in traditional centralized techniques, presenting an easily-targeted single point of failure. Scalable, distributed network intrusion prevention techniques are sorely needed. We propose Indra—a distributed scheme based on sharing information between trusted peers in a network to guard the network as a whole against intrusion attempts. We present initial ideas for running Indra over a peer-to-peer infrastructure to distribute up-to-date rumors, facts, and trust information in a scalable way.
2002
Marcel Waldvogel
GOSSIB vs. IP Traceback Rumors Proceedings Article
In: 18th Annual Computer Security Applications Conference (ACSAC 2002), pp. 5–13, 2002.
Abstract | BibTeX | Tags: Denial of Service, Security | Links:
@inproceedings{Waldvogel2002GOSSIB,
title = {GOSSIB vs. IP Traceback Rumors},
author = {Marcel Waldvogel},
url = {https://netfuture.ch/wp-content/uploads/2002/waldvogel02gossib.pdf},
year = {2002},
date = {2002-01-01},
urldate = {1000-01-01},
booktitle = {18th Annual Computer Security Applications Conference (ACSAC 2002)},
pages = {5--13},
abstract = { To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely groups of strongly similar birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more effiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effctively useless. It can be expected that GOSSIB has similar effcts on other PPM traceback schemes and that standard modifiations to the systems will not solve the problem.},
keywords = {Denial of Service, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely groups of strongly similar birthdays (GOSSIB), that can be used by to obtain effects similar to a successful birthday attack on PPM schemes. The original and most widely known IP traceback mechanism, compressed edge fragment sampling (CEFS), was developed by Savage et al. We analyze the effects of an attacker using GOSSIB against CEFS and show that the attacker can seed misinformation much more effiently than the network is able to contribute real traceback information. Thus, GOSSIB will render PPM effctively useless. It can be expected that GOSSIB has similar effcts on other PPM traceback schemes and that standard modifiations to the systems will not solve the problem.
2001
Marcel Waldvogel; Radhesh Mohandas; Sherlia Shi
EKA: Efficient Keyserver using ALMI Proceedings Article
In: Proceedings of IEEE WET ICE Workshop on Enterprise Security, pp. 237-246, Cambridge, MA, USA, 2001.
Abstract | BibTeX | Tags: Multicast, Security | Links:
@inproceedings{Waldvogel2001EKA,
title = {EKA: Efficient Keyserver using ALMI},
author = {Marcel Waldvogel and Radhesh Mohandas and Sherlia Shi},
url = {https://netfuture.ch/wp-content/uploads/2001/waldvogel01eka.pdf},
year = {2001},
date = {2001-01-01},
urldate = {1000-01-01},
booktitle = {Proceedings of IEEE WET ICE Workshop on Enterprise Security},
pages = {237-246},
address = {Cambridge, MA, USA},
abstract = { The keyserver network serves as a repository of OpenPGP keys, providing replication throughout the Internet. It currently uses an inefficient and insufficient protocol to keep its nodes synchronized: highly redundant network traffic and excessive overhead due to several thousand e-mail messages per day. Under these conditions, even short network outages cause massive mail server overloads and losses, resulting in continuously diverging databases. In this paper, we present a new protocol to achieve complete synchronization efficiently and automatically, drastically reducing the need for manual intervention. Our protocol transmits only the updates and uses multicast to optimize the amount of data sent. Since support for native multicast is not widely available in the underlying network and current Internet multicast does not scale well, we base our keyserver on ALMI. ALMI is a middleware for reliable applicationlevel multicast, providing scalable join/leave notification of neighbors, significantly reducing the complexity of the application. As a part of this work, we have also implemented a keyserver software which uses our protocol and an efficient RDBMS back-end to hold the keys. },
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
The keyserver network serves as a repository of OpenPGP keys, providing replication throughout the Internet. It currently uses an inefficient and insufficient protocol to keep its nodes synchronized: highly redundant network traffic and excessive overhead due to several thousand e-mail messages per day. Under these conditions, even short network outages cause massive mail server overloads and losses, resulting in continuously diverging databases. In this paper, we present a new protocol to achieve complete synchronization efficiently and automatically, drastically reducing the need for manual intervention. Our protocol transmits only the updates and uses multicast to optimize the amount of data sent. Since support for native multicast is not widely available in the underlying network and current Internet multicast does not scale well, we base our keyserver on ALMI. ALMI is a middleware for reliable applicationlevel multicast, providing scalable join/leave notification of neighbors, significantly reducing the complexity of the application. As a part of this work, we have also implemented a keyserver software which uses our protocol and an efficient RDBMS back-end to hold the keys.
1999
Marcel Waldvogel; Germano Caronni; Dan Sun; Nathalie Weiler; Bernhard Plattner
The VersaKey Framework: Versatile Group Key Management Journal Article
In: IEEE Journal on Selected Areas in Communications, vol. 17, no. 9, pp. 1614-1631, 1999.
Abstract | BibTeX | Tags: Multicast, Security | Links:
@article{Waldvogel1999VersaKey,
title = {The VersaKey Framework: Versatile Group Key Management},
author = {Marcel Waldvogel and Germano Caronni and Dan Sun and Nathalie Weiler and Bernhard Plattner},
url = {https://netfuture.ch/wp-content/uploads/1999/waldvogel99versakey.pdf},
year = {1999},
date = {1999-09-16},
urldate = {1000-01-01},
journal = {IEEE Journal on Selected Areas in Communications},
volume = {17},
number = {9},
pages = {1614-1631},
abstract = { Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log \textit{N}) for joins and leaves), thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.},
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {article}
}
Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log N) for joins and leaves), thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.
1998
Germano Caronni; Marcel Waldvogel; Dan Sun; Bernhard Plattner
Efficient Security for Large and Dynamic Multicast Groups Proceedings Article
In: Proceedings of the IEEE 7th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE ’98), Palo Alto, CA, USA, 1998.
Abstract | BibTeX | Tags: Multicast, Security | Links:
@inproceedings{Caronni1998Efficient,
title = {Efficient Security for Large and Dynamic Multicast Groups},
author = {Germano Caronni and Marcel Waldvogel and Dan Sun and Bernhard Plattner},
url = {https://netfuture.ch/wp-content/uploads/1998/caronni98efficient.pdf},
year = {1998},
date = {1998-06-01},
urldate = {1000-01-01},
booktitle = {Proceedings of the IEEE 7th International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE '98)},
address = {Palo Alto, CA, USA},
abstract = { Proposals for multicast security that have been published so far are complex, often require trust in network components or are inefficient. In this paper we propose a series of novel approaches for achieving scalable security in IP multicast, providing privacy and authentication on a group-wide basis. They can be employed to efficiently secure multi-party applications where members of highly dynamic groups of arbitrary size may participate. Supporting dynamic groups implies that newly joining members must not be able to understand past group communications, and that leaving members may not follow future communications. Key changes are required for all group members when a leave or join occurs, which poses a problem if groups are large. The algorithms presented here require no trust in third parties, support either centralized or fully distributed management of keying material, and have low complexity (O(log N) or less). This grants scalability even for large groups. },
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Proposals for multicast security that have been published so far are complex, often require trust in network components or are inefficient. In this paper we propose a series of novel approaches for achieving scalable security in IP multicast, providing privacy and authentication on a group-wide basis. They can be employed to efficiently secure multi-party applications where members of highly dynamic groups of arbitrary size may participate. Supporting dynamic groups implies that newly joining members must not be able to understand past group communications, and that leaving members may not follow future communications. Key changes are required for all group members when a leave or join occurs, which poses a problem if groups are large. The algorithms presented here require no trust in third parties, support either centralized or fully distributed management of keying material, and have low complexity (O(log N) or less). This grants scalability even for large groups.
Germano Caronni; Marcel Waldvogel; Dan Sun; Nathalie Weiler; Bernhard Plattner
VersaKey: Versatile Key Management for Large and Dynamic Multicast Groups Technical Report
TIK, ETH Zürich no. TIK-57, 1998.
BibTeX | Tags: Multicast, Security
@techreport{Caronni1998VersaKey-techreport,
title = {VersaKey: Versatile Key Management for Large and Dynamic Multicast Groups},
author = {Germano Caronni and Marcel Waldvogel and Dan Sun and Nathalie Weiler and Bernhard Plattner},
year = {1998},
date = {1998-01-01},
urldate = {1000-01-01},
number = {TIK-57},
institution = {TIK, ETH Zürich},
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {techreport}
}
Germano Caronni; Marcel Waldvogel; Dan Sun; Bernhard Plattner
Efficient Security for Large and Dynamic Multicast Groups Technical Report
TIK, ETH Zürich no. TIK-41, 1998.
BibTeX | Tags: Multicast, Security
@techreport{Caronni1998Efficient-techreport,
title = {Efficient Security for Large and Dynamic Multicast Groups},
author = {Germano Caronni and Marcel Waldvogel and Dan Sun and Bernhard Plattner},
year = {1998},
date = {1998-01-01},
urldate = {1000-01-01},
number = {TIK-41},
institution = {TIK, ETH Zürich},
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {techreport}
}