Institute of Distributed Systems

Our institute works on topics such as scalability, reliability, security and privacy, self-organization, and the manageability of complexity in distributed systems, across a wide range of deployment scenarios such as cloud computing or vehicle-to-vehicle communication.

In teaching, we cover the full spectrum from computer networks, through distributed systems, to security and privacy protection.

Our Latest Publications

Oser, Pascal; Kargl, Frank; Lüders, Stefan
Identifying Devices of the Internet of Things Using Machine Learning on Clock Characteristics
Security, Privacy, and Anonymity in Computation, Communication, and Storage
Publisher: Springer International Publishing,
December 2018
Bösch, Christoph
An Efficient Privacy-Preserving Outsourced Geofencing Service Using Bloom Filter
2018 IEEE Vehicular Networking Conference, VNC 2018
December 2018
Kleber, Stephan; Unterstein, Florian; Hiller, Matthias; Slomka, Frank; Matousek, Matthias; Kargl, Frank; Bösch, Christoph
Secure Code Execution: A Generic PUF-driven System Architecture
21st Information Security Conference
October 2018
accepted

Abstract: In his invited talk on the Future of Embedded Security, held jointly between CHES 2016 and CRYPTO 2016, Paul Kocher suggested moving security into chips, because hardware is the lowest level and security there cannot be compromised by a lower layer. In this paper, we propose a generic PUF-driven secure code execution architecture that employs instruction-level code encryption. Our design foresees a tight integration of a Physically Unclonable Function (PUF) and the decryption of encrypted program code directly inside the processor's instruction pipeline, to avoid revealing keys or decrypted code in externally accessible registers or memory. The architecture prevents code injection by executing only code encrypted for individual target CPUs, has an adaptable impact on performance, and requires only minor changes to the software development process. Our PUF-based code encryption also defends against reverse engineering attempts and enforces IP protection. A proof-of-concept implementation demonstrates the feasibility of our proposed architecture.

van der Heijden, Rens Wouter; Dietzel, Stefan; Leinmüller, Tim; Kargl, Frank
Survey on Misbehavior Detection in Cooperative Intelligent Transportation Systems
IEEE Communications Surveys & Tutorials,
October 2018

Abstract: Cooperative Intelligent Transportation Systems (cITS) are a promising technology to enhance driving safety and efficiency. Vehicles communicate wirelessly with other vehicles and infrastructure, thereby creating a highly dynamic and heterogeneously managed ad-hoc network. It is these network properties that make it a challenging task to protect the integrity of the data and guarantee its correctness. A major part of the problem is that traditional security mechanisms like PKI-based asymmetric cryptography only exclude outsider attackers that do not possess key material. However, because attackers can be insiders within the network (i.e., possess valid key material), this approach cannot detect all possible attacks. In this survey, we present misbehavior detection mechanisms that can detect such insider attacks based on attacker behavior and information analysis. In contrast to well-known intrusion detection for classical IT systems, these misbehavior detection mechanisms analyze information semantics to detect attacks, which aligns better with the highly application-tailored communication protocols foreseen for cITS. In our survey, we provide an extensive introduction to the cITS ecosystem and discuss shortcomings of PKI-based security. We derive and discuss a classification for misbehavior detection mechanisms, provide an in-depth overview of seminal papers on the topic, and highlight open issues and possible future research trends.

Lukaseder, Thomas; Stölzle, Kevin; Kleber, Stephan; Erb, Benjamin; Kargl, Frank
An SDN-based Approach For Defending Against Reflective DDoS Attacks
Proceedings of the 43rd IEEE Conference on Local Computer Networks
October 2018

Abstract: Distributed Reflective Denial of Service (DRDoS) attacks are an imminent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent to the attack target and can be used without the assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.
