Publications

2023

1. Sicherheit in Microservice-Umgebungen

   Tefke, Tobias, and Staudemeyer, Ralf C.

   In Proc. of the 30. DFN-Konferenz „Sicherheit in vernetzten Systemen“, vol. 30, 21p., ISBN: 978-3756881390, Books on Demand, 2023.

   [Abs] [PDF ⌂] [URL 🡕]

   Software wird permanent weiterentwickelt. Durch die Umsetzung weiterer Anwendungsfälle nimmt deren Komplexität zu. Dies ist in Bezug auf die Wartbarkeit und Sicherheit der Software kritisch zu sehen. Daher werden Lösungen gesucht, mit denen die Komplexität von Software verringert werden kann, ohne auf Funktionalität verzichten zu müssen. Eine Option besteht in der Nutzung der Microservice-Architektur. Hierbei werden statt einem Programm mehrere Teilprogramme entwickelt, die einen oder mehrere nah verwandte Anwendungsfälle umsetzen. Die Kommunikation mit und zwischen den Microservices geschieht über definierte Schnittstellen. In Bezug auf die IT-Sicherheit ist bei der Implementierung von Microservices vor allem auf eine robuste Absicherung öffentlich verfügbarer Schnittstellen zu achten. In diesem Beitrag wird die Microservice-Architektur anhand eines Praxisbeispiels, einer selbst entwickelten quelloffenen Lehrplattform, verdeutlicht. Hierzu werden die Plattform und ihre wichtigsten Anwendungsfälle vorgestellt. Hierbei wird auf die Absicherung von Schwachstellen und den Aufbau der Microservice-Umgebung eingegangen.

2. A Survey on Anonymous Communication Systems With a Focus on Dining Cryptographers Networks

   Shirali, Mohsen, Tefke, Tobias, Staudemeyer, Ralf C, and Pöhls, Henrich C

   IEEE Access, vol. 11, pp. 18631-18659, IEEE, 2023.

   [Abs] [PDF ⌂] [DOI 🡕]

   Traffic analysis attacks can counteract end-to-end encryption and use leaked communication metadata to reveal information about communicating parties. With an ever-increasing amount of traffic by an ever-increasing number of networked devices, communication privacy is undermined. Therefore, Anonymous Communication Systems (ACSs) are proposed to hide the relationship between transmitted messages and their senders and receivers, providing privacy properties known as anonymity, unlinkability, and unobservability. This article aims to review research in the ACSs field, focusing on Dining Cryptographers Networks (DCNs). The DCN-based methods are information-theoretically secure and thus provide unconditional unobservability guarantees. Their adoption for anonymous communications was initially hindered because their computational and communication overhead was deemed significant at that time, and scalability problems occurred. However, more recent contributions, such as the possibility to transmit messages of arbitrary length, efficient disruption handling and overhead improvements, have made the integration of modern DCN-based methods more realistic. In addition, the literature does not follow a common definition for privacy properties, making it hard to compare the approaches’ gains. Therefore, this survey contributes to introducing a harmonized terminology for ACS privacy properties, then presents an overview of the underlying principles of ACSs, in particular, DCN-based methods, and finally, investigates their alignment with the new harmonized privacy terminologies. Previous surveys did not cover the most recent research advances in the ACS area or focus on DCN-based methods. Our comprehensive investigation closes this gap by providing visual maps to highlight privacy properties and discussing the most promising ideas for making DCNs applicable in resource-constrained environments.

3. Understanding shells in 90 minutes

   Tefke, Tobias

   In Studierendenkonferenz Informatik (SKILL) 2023, 6p., Gesellschaft für Informatik, Sep, 2023.

   [Abs]

   As part of operating system tutorials, students should revise their knowledge about how shells work. Widely adopted shells like the GNU Bash are technically too complex to explain to students within 90 minutes. Therefore I developed a simple variant of a shell. It focuses on very basic functionalities of shells – spawning processes and implementing builtins. Therefore the developed shell is well suited for tutorials. As it consists of only a few hundred lines of code, students can quickly understand how it works. They can easily extend the shell by adding new features. The developed program is distributed under the terms of an open source license which allows an uncomplicated use of the program by other educational institutions.

2022

1. R - kurz & gut

   Staudemeyer, Jörg, and Staudemeyer, Ralf C.

   230p., ISBN: 978-3960091332, O’Reilly, 2022.

   [URL 🡕]
2. Erstellung einer kollaborativen Arbeitsumgebung für die pandemiebedingte Online-Lehre — ein Praxisbericht

   Tefke, Tobias, Petri, Elias, Staudemeyer, Ralf C., and Kucza, Timo

   Informatik Spektrum, vol. 45, pp. 106-114, Springer Berlin Heidelberg, 2022.

   [Abs] [PDF ⌂] [DOI 🡕]

   Durch die pandemische Lage sind viele Lehrangebote nicht in ihrer ursprünglichen Form durchführbar. Im hier vorgestellten Fall soll das Programmieren einer Hardware-Entwicklungsplattform für das Internet der Dinge (IoT) erlernt werden. Die Studierenden arbeiten in Arbeitsgruppen mit bis zu fünf Teilnehmern. In der dezentralen Lehre ist dies nur schwer umsetzbar. Im vorliegenden Fall hätten dann drei Geräte pro Teilnehmer ausgegeben werden müssen. Ein Austausch innerhalb der Projektgruppen war zunächst nur eingeschränkt per Videokonferenz möglich. Das fragliche IoT-Labor wurde deshalb in eine virtuelle Umgebung integriert, so dass dort in Gruppen programmiert werden kann, während die IoT-Hardware mittels Video in Echtzeit beobachtet wird. Die geschaffene Lehrumgebung vereint die Durchführung von Vorlesungen, Übungen, Tutorien und Arbeitsgruppentreffen. Die Möglichkeiten zur Interaktion erleichtern es den Studierenden unter anderem, während der Vorlesung in Kontakt miteinander zu treten.

3. Android Data Storage Locations and What App Developers Do with It from a Security and Privacy Perspective

   Heid, Kris, Tefke, Tobias, Heider, Jens, and Staudemeyer, Ralf

   In Proc. of the 8th Int. Conf. on Information Systems Security and Privacy (ICISSP), pp. 378-387, SciTePress, Jan, 2022.

   [Abs] [PDF ⌂] [DOI 🡕]

   Many Android apps handle and store sensible data on the smartphone, such as for example passwords, API keys or messages. This information must of course be protected and thus more and more protected storage options and storage isolation techniques were implemented in recent Android version. This results in good security and privacy mechanisms provided to Android developers. However, the question is how well these measures are implemented in todays apps. In this publication, we are presenting an automated dynamic analysis environment which we use to analyze the top 1000 Android apps. Filesystem API accesses of these apps are evaluated and judged how well Android’s protected storage locations are leveraged or abused.

4. Statistikfunktionen mit R in Java-Programme einbinden

   Staudemeyer, Ralf C., and Staudemeyer, Jörg

   JavaSPEKTRUM, vol. 03/2022, pp. 34-37, Sigs Datacom, Mar, 2022.

2020

1. Extracting Speech from Motion-Sensitive Sensors

   Azzakhnini, Safaa, and Staudemeyer, Ralf C.

   In Proc. of the 15th Int. Workshop on Data Privacy Management, Cryptocurrencies and Blockchain Technology (DPM), pp. 145-160, Springer International Publishing, 2020.

   [Abs] [PDF ⌂] [DOI 🡕]

   The increasing presence of wireless sensor networks and the blanket re-use of the resulting data volumes by AI-based systems raises pressing ethical questions about the impact of these technologies on our society. One of the commonly used technologies are Smart Phones and similar mobile communication devices which attract people to improve their quality of life. These devices are equipped with rich sensors that provide an advanced and comprehensive user experience. However, it is a well known problem that the presence of numerous sensors is of major concern to the privacy of users and their social environment. Specifically previous studies already revealed that motion-sensitive sensors actually react to human speech. In this regards Deep Neural Networks (DNN) proved very successful to model high-level abstractions in data. Our main focus is highlighting (i) the potential risks related to these sensors leaking private information about speech and (ii) the ethical implications of advances in (deep) machine learning as a threat to privacy. In this paper we showcase a simple attack in which collected data from accelerometer and Vibration Energy Harvester (VEH) sensors can be used to eavesdrop on speech. We propose a multistage stacked auto-encoder model that learns the distinctive time and frequency characteristics independently without user interaction. We demonstrate the efficiency of our model with poor quality data and a very low sampling rate. We investigated three classification tasks: gender identification (i), hotwords detection (ii), and (iii) recognition of simple phrases selected from a previously well investigated dataset. Our experiments demonstrate the efficiency of our model and confirm that motion-sensitive sensors are a rich source of personal data, from which highly sensitive and private information about people in close proximity to the sensor emerges.

2019

1. Understanding LSTM—A tutorial into Long Short-Term Memory Recurrent Neural Networks

   Staudemeyer, RC, and Morris, ER

   arXiv preprint arXiv:1909.09586, 42p., 2019.

   [Abs] [PDF ⌂] [DOI 🡕]

   Long Short-Term Memory Recurrent Neural Networks (LSTM-RNN) are one of the most powerful dynamic classifiers publicly known. The network itself and the related learning algorithms are reasonably well documented to get an idea how it works. This paper will shed more light into understanding how LSTM-RNNs evolved and why they work impressively well, focusing on the early, ground-breaking publications. We significantly improved documentation and fixed a number of errors and inconsistencies that accumulated in previous publications. To support understanding we as well revised and unified the notation used.

2. What it takes to boost Internet of Things privacy beyond encryption with unobservable communication: A survey and lessons learned from the first implementation of DC-net

   Staudemeyer, Ralf C, Pöhls, Henrich C, and Wójcik, Marcin

   Journal of Reliable Intelligent Environments, vol. 5, pp. 41-64, Springer, Feb, 2019.

   [Abs] [PDF ⌂] [DOI 🡕]

   Privacy requires more than just encryption of data before and during transmission. Privacy would actually demand hiding the sheer fact that communication takes place. This requires to protect meta-data from observation. We motivate the need for strong privacy protection in a smart home use case by highlighting the privacy issues that cannot be solved by confidentiality mechanisms like encryption alone. Our solution is a implementation of DC-net on Re-Mote sensor nodes running Contiki OS. From this, we conclude that the computational and network overheads imposed by these techniques do not make them impractical to use in the IoT. To the best knowledge of the authors, this is the first implementation of DC-net on sensors. Alongside, we provide a survey of the required strong cryptographic security mechanisms, like encryption of communication, to be in place. We describe how the current existing techniques can be facilitated to achieve unobservable communication for the IoT. This includes mechanisms for encrypted IoT communication like DTLS or message authentication like ECDSA signatures on IoT devices. For readers unfamiliar with the concepts of MIXing and DC-net, we explain and analyse how those techniques, formerly used to provide private communication in the Internet, can be applied to the IoT. We briefly survey what complementary features from the IoT architecture are helpful in providing strong protection in this particular use case. Finally, we state some recommendations hoping that following these will enable us to reduce the privacy invasiveness of the IoT on all levels. We think that this will be indispensable if IoT devices shall become a part of our daily lives without rendering us into an Orwellian society.

2018

1. Smart cities under attack: Cybercrime and technology response

   Staudemeyer, Ralf C, Voyiatzis, Artemios G, Moldovan, George, Suppan, Santiago Reinhard, Lioumpas, Athanasios, and Calvo, Daniel

   In Human-Computer Interaction and Cybersecurity Handbook, CRC Press,

   pp. 209-236, CRC Press, 2018.

   [Abs] [DOI 🡕]

   Smart cities rapidly deploy infrastructure for information and communication technologies (ICTs) and digitize the available information, creating models reflecting specific interactions and domains. The "Internet of Things" (IoT) is a prominent key technology that enables connections and communications with a vast number of smart city "things". Cybercrime is crime committed using computing and communication systems such as computers and networks. The chapter provides a primer on cybercrime in smart cities and possible technological countermeasures to it. It introduces the threat landscape, both for citizen-facing systems and smart infrastructures, and a survey of real-world incidents of attacks against smart cities. The chapter discusses the security and privacy requirements for IoT-based smart city components and the integration of citizen concerns and considerations in the design. Finally, it describes a list of recommendations for designing and deploying citizen-centric IoT-based systems for future smart cities.

2. The road to privacy in IoT: beyond encryption and signatures, towards unobservable communication

   Staudemeyer, Ralf C, Pöhls, Henrich C, and Wójcik, Marcin

   In Proc. of the 19th Int. Symp. on A World of Wireless, Mobile and Multimedia Networks (WoWMoM’18), pp. 14-20, IEEE, Jun, 2018.

   [Abs] [PDF ⌂] [DOI 🡕]

   Privacy requires more than just encryption of data before and during transmission. Privacy would actually demand hiding the sheer fact that communication takes place. This requires to protect meta-data from observation. We think that this feature is in particular useful and interesting for the Internet-of-Things. However, it requires strong cryptographic security mechanisms, like encryption of communication, to be in place. We motivate the need for strong privacy protection by highlighting privacy issues in a smart home use-case. We advance beyond encryption and discuss which existing techniques can be used to achieve unobservable communication. Then we describe the architecture needed to provide strong protection in this particular use-case. Lastly, we present the building blocks of the architecture we implemented so far on the Re-Mote sensor nodes running Contiki OS and sketch the computational and network overheads imposed by these techniques.

2017

1. From Dining Cryptographers to dining things: Unobservable communication in the IoT

   Bauer, Johannes, and Staudemeyer, Ralf C.

   In Proc. of the Int. Workshop on Computer-Aided Modeling Analysis and Design of Communication Links and Networks (CAMAD’17), 9p., IEEE, Jun, 2017.

   [Abs] [PDF ⌂] [DOI 🡕]

   The increasing adoption of the Internet of Things introduces new threats that affect the privacy of users. Current privacy enhancing technologies are not sufficient to address all these new threats. This paper explains one of the most powerful protocols, namely DC-net. The DC-net protocol, while more than 30 years old, was never used in real-life due to its overhead and sensitivity with regards to disrupters. However, many improvements have been contributed to the original protocol, which is summarised in this paper. The main contribution of this work is the implementation of a proof-of-concept DC-net suited for constrained microcontroller-based devices. The challenges faced and the optimisations done throughout the implementation are presented.

2. Security and Privacy for the Internet of Things Communication in the SmartCity

   Staudemeyer, Ralf C., Pöhls, Henrich C., and Watson, Bruce W.

   Designing, developing, and facilitating smart cities: urban design to IoT solutions, pp. 109-137, Springer International Publishing, Dec, 2017.

   [Abs] [DOI 🡕]

   Growing SmartCities means that the amount of information processed and stored to manage a city’s infrastructure (e.g., traffic, public transport, electricity) is growing as well. To manage this, SmartCities are deploying truly distributed and highly scalable information and communication (ICT) infrastructure, connecting a conglomerate of smart devices and ‘smart things’. In recent years, the term Internet-of-Things (IoT) was coined to describe constrained systems that react via sensors to physical changes in its environment and may be able to influence that environment via actuators. While ICT generally helps to ‘mine’ collected information, the IoT complements this with direct access to a sensor’s data or even taking immediate corrective action. Using the capabilities of the IoT to monitor and control the SmartCity implies numerous devices communicate data about the city its citizens. The communicated data is used to make decisions that will affect many citizens, and if not secured correctly, attackers (or other ‘errors’) could disrupt operation of the SmartCity. Moreover, collected data possibly impinges on basic privacy rights if not gathered, communicated and processed correctly. This chapter provides a primer on general information security, its main goals, and the basic IoT security challenges in the SmartCity. Built upon the basic IT security goals of confidentiality, integrity, and availability, this chapter addresses security and privacy problems faced in the communication aspects of the SmartCity. We highlight that security is a crucial enabler for the ICT-dependent SmartCity to base the decisions on reliable data and to execute commands securely. We specifically point out that security starts at the very beginning of the data collection and communication process. On top of this, we focus on major issues related to private communication, as privacy is a key acceptance factor for an ICT-enabled SmartCity by its citizens.

2016

1. Modelling the trustworthiness of the IoT (RERUM Deliverable 3.3)

   Charalampidis, Pavlos, Cuellar, Jorge, Fragkiadakis, Alexandros, Kasinathan, Prabhakaran, Pöhls, Henrich C., Ruiz-López, Darío, Staudemeyer, Ralf C., Suppan, Santiago, Tragos, Elias, and Weber, Ricarda

   119p., 2016.

   [Abs] [PDF ⌂] [URL 🡕]

   End-users in Smart Cities and in general in any Internet of Things (IoT) application will encounter many different devices and services of which they have no prior information. They will need to decide whether or not they can trust these devices and services with their information. On the otherhand, the owners and administrators of the applications will also have a strong interest in effectively detecting anomalous behaving devices and services in a cost-effective way. The addition of Reputation Evaluation procedures can enrich IoT Systems through the definition of reactions to those evaluations and the integration with the authorization mechanisms. This way, it is possible to let service clients to decide whether to rely on services with low Reputation Evaluations or define other reactions such as logging the changes in the reputation or warning System Administrators of unreliable devices.This document introduces a conceptual model for the IoT that allows defining the rules for evaluating Trust and Reputation, the reactions to this evaluation, and the integration of these reactions with the authorization mechanisms of the System. After defining the conceptual model, the next step is applying this model to the concrete case of RERUM. This document introduces a possible design of how to apply the model to the RERUM architecture and is used as a basis for implementing the POC prototypes of Task 3.4.

2. Laboratory Evaluation Results (RERUM Deliverable D5.3)

   Oikonomou, George, Staudemeyer, Ralf C., Fragkiadakis, Alexandros, Wójcik, Marcin, Tragos, Elias, Papadopoulos, Georgios, Pöhls, Henrich C., Angelakis, Vangelis, Katuri, Sesanka, Bauer, Johannes, Petschkuhn, Benedikt, Charalampidis, Pavlos, Stamatakis, George, Surligas, Manolis, and Makrogiannakis, Antonis

   104p., 2016.

   [Abs] [PDF ⌂] [URL 🡕]

   This report presents the results of the work undertaken as part of Task 5.3 “Proof‐of‐Concept Laboratory Experiments”. The aim of the in‐lab experiments is to conduct proof‐of‐concept controlled tests to assess both qualitatively and quantitatively the performance gains of the protocols and algorithms, as well as the individual system modules developed in work packages WP2‐WP4. The results of these lab tests will be used to identify potential issues and try to resolve them by revising the software or the hardware modules. This feedback cycle will result to the improvement of the components tested, and these will be applied in the first phase of the live trials in the pilot cities. For the performance evaluation activities, we followed the evaluation methodology defined in Deliverable D5.1. Moreover, this deliverable received the developed software and hardware components from T5.2. The results from the in‐lab experiments will enhance the components that will be integrated in task 5.2 for the trials performed in two cities, in task 5.4 for Heraklion and in in task 5.5 for Tarragona.

3. ECDSA on things: IoT integrity protection in practise

   Bauer, Johannes, Staudemeyer, Ralf C., Pöhls, Henrich C., and Fragkiadakis, Alexandros

   In Proc. of the 18th Int. Conf. on Information and Communications Security (ICICS’16), pp. 3-17, Springer International Publishing, 2016.

   [Abs] [PDF ⌂] [DOI 🡕]

   This paper documents some experiences and lessons learned during the development of an IoT security application for the EU-funded project RERUM. The application provides sensor data with end-to-end integrity protection through elliptic curve digital signatures (ECDSA). Here, our focus is on the cost in terms of hardware, runtime and power-consumption in a real-world trials scenario. We show that providing signed sensor data has little impact on the overall power consumption. We present the experiences that we made with different ECDSA implementations. Hardware accelerated signing can further reduce the costs in terms of runtime, however, the differences were not significant. The relevant aspect in terms of hardware is memory: experiences made with MSP430 and ARM Cortex M3 based hardware platforms revealed that the limiting factor is RAM capacity. Our experiences made during the trials show that problems typical for low-power and lossy networks can be addressed by the chosen network stack of CoAP, UDP, 6LoWPAN and 802.15.4; while still being lightweight enough to drive the application on the constrained devices investigated.

4. Trusted IoT in the complex landscape of governance, security, privacy, availability and safety

   Tragos, Elias Z., Bernabe, Jorge Bernal, Staudemeyer, Ralf C., Luis, Jose, Ramos, Hernandez, Fragkiadakis, Alexandros, Skarmeta, Antonio, Nati, Michele, and Gluhak, Alex

   In Digitising the Industry - Internet of Things Connecting the Physical, Digital and Virtual Worlds, River Publishers Series in Communications,

   pp. 210-239, River Publishers Series in Communications, 2016.

   [Abs] [DOI 🡕]

   The Internet of Things (IoT) has attracted a lot of attention the last decade due to the unprecedented opportunities it provides for economic growth and for improving the quality of life of citizens. This chapter focuses on a very important area for ensuring the provision of reliable information and for maximizing the security, privacy and safety of IoT: “Trust”. It describes the basic concepts of trust in the IoT, together with the reasons for evaluating trust in the IoT world. The chapter provides the basic concepts of trust management in the IoT, and presents ways to calculate the trustworthiness of IoT devices and services. It then presents an analysis of using Trust with regards to privacy and personal data sharing. The chapter also details the improvement of the authorization mechanism with the usage of trust and reputation.

5. Progress report on holistic security model for secure service composition (PRISMACLOUD Deliverable D7.3)

   Happe, Andreas, Hudic, Aleksandar, Länger, Thomas, Lorünser, Thomas, Palomares, Angel, Pöhls, Henrich C., Sell, Leon, and Staudemeyer, Ralf C.

   91p., 2016.
6. Towards quantifying the cost of a secure IoT: overhead and energy consumption of ECC signatures on an ARM-based device

   Mössinger, Max, Petschkuhn, Benedikt, Bauer, Johannes, Staudemeyer, Ralf C, Wójcik, Marcin, and Pöhls, Henrich C

   In Proc. of the 17th Int. Symp. on A World of Wireless, Mobile and Multimedia Networks (WoWMoM’16), 6p., IEEE, Jun, 2016.

   [Abs] [PDF ⌂] [DOI 🡕]

   In this paper, we document the overhead in terms of runtime, firmware size, communication and energy consumption for Elliptic Curve Cryptography (ECC) signatures of modern ARM-based constrained devices. The experiments we have undertaken show that the cryptographic capabilities of the investigated Zolertia Re-Mote based on a TI’s CC2538 chipset running Contiki OS is indeed suitable for the Internet-of-Things (IoT): Computing a signature using a curve with a 192-bit key length adds an additional runtime of roughly 200 ms. However, we found that in comparison to sending an unsigned message approximately two-thirds of the runtime overhead is spent on cryptographic operations, while sending the signed message accounts for the remainder. We give real measurements which can be used as a basis for analytical models. Our measurements show that the saving gained by using curves with lower security levels (i. e., 160-bit key length) is not worth the sacrifice in protection. While signatures add non-negligible overhead, we still think that the additional 200 ms (signing with secp192r) is worth consideration. This paper gives an indication of the true costs of cryptographically protected message integrity which is greater or equal to the cost of encryption. We show what needs to be spent in order to verify the origin of the data in the application, since in the IoT it will have travelled through many ‘things’.

2015

1. Privacy enhancing techniques in Smart City applications (RERUM Deliverable D3.2)

   Bauer, Johannes, Cuellar, Jorge, Fragkiadakis, Alexandros, Petschkuhn, Benedikt, Pöhls, Henrich C., Ruiz, Dario, Staudemeyer, Ralf C., Suppan, Santiago, Tragos, Elias Z., Weber, Ricarda, and Wojcik, Marcin

   292p., 2015.

   [Abs] [PDF ⌂] [URL 🡕]

   Privacy must be a major concern in any IoT related project, ever more so in Europe which values data privacy protecton and thus privacy-by-design becomes a legal obligation. Legal issues aside, as RERUM is focussed on the technology, achieving a high level of privacy is of paramount importance in the smart ciƟes domain to initially win —and keep— citizens’ active participation. D2.3 included components for a privacy-aware architecture of the RERUM platform and D3.2 gives the details on the design of the privacy components. To enable privacy D3.2 builds on top of RERUM’s baseline security concepts described in D3.1, especially confidentiality protection and authentication capabilities are required to build privacy. Privacy-by-design has to cover the whole IoT, its a truly cross-cutting topic: not only does it need to be considered on all architectural layers, i.e. its vertical to the ISO/OSI layers, it is also crossing the towards the socio-technical domain. D3.2 focusses on the Privacy Enhancing Technologies (PETs): A Consent Manager and a Privacy Dashboard to check and set Privacy Policies following the Sticky-Policy-approach, a Privacy Policy Enforcement Point, components to minimise data (pseudonym related components or a special PET for geo-location privacy), and an enhanced integrity component using Malleable Signatures. Hence, in this deliverable we describes RERUM’s steps towards allowing the IoT to adhere to privacy-by-design.

2. Burning money with firewalls

   Staudemeyer, Ralf C, and Connan, James

   South African Computer Journal (SACJ), vol. 56, pp. 165-167, South African Computer Society (SAICSIT), 2015.

   [Abs] [PDF ⌂] [DOI 🡕]

   Protecting computing infrastructure is an expensive but necessary task. Companies that run their own computing infrastructure need to constantly vigilant in order to guard against intruders on their networks and groups or individuals that seek to intercept their communications. Companies turn to Firewall and Intrusion Detection System vendors to help them safeguard their information and infrastructure. These companies are putting their faith in expensive devices that attempt to distinguish between friendly and malicious traffic. Despite the expense and complexity of these systems, malicious users seem to find ways to avoid detection and news of massive breaches have become an almost daily occurrence. We propose to fundamentally change the way to look at information security. We highlight some of the fundamental flaws in current systems and expose risks that many experts know, but are not aware of.

3. Watching Windows: An Open Source approach using PowerShell

   Schyff, Karl, and Staudemeyer, Ralf C

   In Proc. of the Southern Africa Telecommunication Networks and Applications Conference (SATNAC), pp. 189-194, 2015.

   [Abs] [PDF ⌂] [URL 🡕]

   Monitoring servers running Microsoft Windows can be a costly exercise, mainly related to software recommended by vendors. Academic environments with financial constrains have thus to either cease their monitoring endeavours or look towards open source solutions. In this paper we demonstrate how to monitor aspects of a Windows server in a simple and flexible way using open source tools. To accomplish this we make use of the script language PowerShell and the Nagios Remote Plugin Executor (NRPE) to gather information on a scheduled task within Windows Server 2012 R2. This paper addresses a knowledge gap that inhibits open source monitoring of Windows servers. Currently there is a wide range of plugins and scripts available at online repositories, but these do not always address specific aspects of Windows servers. Frequently those plugins deemed suitable are only available in binary form or written in a scripting language not pre-installed on a Windows server. This complicates information gathering. The suggested approach mitigates this by providing an example script, which can easily be customised to monitor almost any scheduled task.

4. Applying long short-term memory recurrent neural networks to intrusion detection

   Staudemeyer, Ralf C.

   South African Computer Journal (SACJ), vol. 56, pp. 136-154, South African Computer Society (SAICSIT), Jul, 2015.

   [Abs] [PDF ⌂] [DOI 🡕]

   We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA / KDD Cup ’99 challenge. To identify suitable LSTM-RNN network parameters and structure we experimented with various network topologies. We found networks with four memory blocks containing two cells each offer a good compromise between computational cost and detection performance. We applied forget gates and shortcut connections respectively. A learning rate of 0.1 and up to 1,000 epochs showed good results. We tested the performance on all features and on extracted minimal feature sets respectively. We evaluated different feature sets for the detection of all attacks within one network and also to train networks specialised on individual attack classes. Our results show that the LSTM classifier provides superior performance in comparison to results previously published results of strong static classifiers. With 93.82% accuracy and 22.13 cost, LSTM outperforms the winning entries of the KDD Cup ’99 challenge by far. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.

5. Securing the Internet of Things–Security and Privacy in a Hyperconnected World

   Tragos, Elias Z, Pöhls, Henrich C, Staudemeyer, Ralf C, Slamanig, Daniel, Kapovits, Adam, Suppan, Santiago, Fragkiadakis, Alexandros, Baldini, Gianmarco, Neisse, Ricardo, Langendörfer, Peter, and others,

   In Building the Hyperconnected Society- Internet of Things Research and Innovation Value Chains, Ecosystems and Markets, River Publishers,

   pp. 189-219, River Publishers, Sep, 2015.

   [Abs] [PDF ⌂] [DOI 🡕]

   The Internet of Things (IoT) introduces itself as a basic set of technological enablers to support the provision of innovative applications that can improve the quality of life of people and industrial productivity. IoT is increasingly supported by various stakeholders and market players that see clear business opportunities in this field. This chapter discusses the challenges for security and privacy in a hyperconnected world where humans are assisted by machines and technology, but not watched by or through them. It discusses the importance of protecting not only the data, but the metadata as well to ensure that the communication stays unobservable, providing also countermeasures regarding how to be protected from network traffic analysis. The chapter provides a discussion on enforcing security and privacy in the “Cloud”, as more and more IoT systems are utilizing the cloud both for storage and processing of the IoT data.

2014

1. Extracting salient features for network intrusion detection using machine learning methods

   Staudemeyer, Ralf C., and Omlin, Christian W.

   South African Computer Journal (SACJ), vol. 52, pp. 82-96, South African Computer Society (SAICSIT), Jun, 2014.

   [Abs] [PDF ⌂] [DOI 🡕]

   This work presents a data preprocessing and feature selection framework to support data mining and network security experts in minimal feature set selection of intrusion detection data. This process is supported by detailed visualisation and examination of class distributions. Distribution histograms, scatter plots and information gain are presented as supportive feature reduction tools. The feature reduction process applied is based on decision tree pruning and backward elimination. This paper starts with an analysis of the KDD Cup ’99 datasets and their potential for feature reduction. The dataset consists of connection records with 41 features whose relevance for intrusion detection are not clear. All traffic is either classified ‘normal’ or into the four attack types denial-of-service, network probe, remote-to-local or user-to-root. Using our custom feature selection process, we show how we can significantly reduce the number features in the dataset to a few salient features. We conclude by presenting minimal sets with 4–8 salient features for two-class and multi-class categorisation for detecting intrusions, as well as for the detection of individual attack classes; the performance using a static classifier compares favourably to the performance using all features available. The suggested process is of general nature and can be applied to any similar dataset.

2013

1. Evaluating performance of long short-term memory recurrent neural networks on intrusion detection data

   Staudemeyer, Ralf C, and Omlin, Christian W

   In Proc. of the South African Institute for Computer Scientists and Information Technologists Conference (SAICSIC), pp. 218-224, Association for Computing Machinery, 2013.

   [Abs] [PDF ⌂] [DOI 🡕]

   This paper evaluates the performance of long short-term memory recurrent neural networks (LSTM-RNN) on classifying intrusion detection data. LSTM networks can learn memory and can therefore model data as a time series. LSTM is trained and tested on a processed version of the KDDCup99 dataset. A variety of suitable performance measures are discussed and applied. Our LSTM network structure and parameters are experimentally obtained within a series of experiments presented. Results finally show that LSTM is able to learn all attack classes hidden in the training data. Furthermore we learn that the receiver operating characteristic (ROC) curve and the corresponding area-under-the-curve (AUC) value are well suited for selecting well performing networks.

2012

1. Das Nagios/Icinga Kochbuch

   Kucza, Timo, and Staudemeyer, Ralf

   592p., ISBN: 978-3868993462, O’Reilly Germany, 2012.

   [PDF ⌂]
2. The importance of time: Modelling network intrusions with long short-term memory recurrent neural networks

   Staudemeyer, Ralf C.

   PhD thesis, University of the Western Cape, 224p., 2012.

   [Abs] [PDF ⌂] [URL 🡕]

   We claim that modelling network traffic as a time series with a supervised learning approach, using known genuine and malicious behaviour, improves intrusion detection. To substantiate this, we trained long short-term memory (LSTM) recurrent neural networks with the training data provided by the DARPA / KDD Cup ’99 challenge. After preprocessing all features to improve information gain, we applied a number of intuitive steps to extract salient features, which resulted in the creation of a number of minimal feature sets that could be used for detecting attack classes. The preprocessed KDD Cup ’99 data was then used to test the performance of five very common and well-known classifiers: Decision trees, naïve Bayes, Bayesian networks, feed- forward neural networks, and support vector machines. Our results show a performance comparable to the winning entries of the KDD Cup ’99 challenge. Finally, we applied the LSTM recurrent neural network classifier to the preprocessed data using the minimal feature sets. Our results show that the LSTM classifier provides superior performance in comparison to other strong static classifiers trained. This is due to the fact that LSTM learns to look back in time and correlate consecutive connection records. For the first time ever, we have demonstrated the usefulness of LSTM networks to intrusion detection.

2009

1. Feature set reduction for automatic network intrusion detection with machine learning algorithms

   Staudemeyer, R, and Omlin, CW

   In Proc. of the Southern African Telecommunication Networks and Applications Conference (SATNAC), vol. 105, 6p., 2009.

   [Abs] [PDF ⌂] [URL 🡕]

   Selecting a minimum set of core features for au-tomatic network intrusion detection with a variety of machine learning algorithms is a challenging problem. In this paper we propose a minimum feature set which can be easily extracted from network traffic. We compare decision trees, neural net-works, naive Bayes and Bayesian networks classifiers performing on the KDDCup99 datasets. We show that by feature selection and preprocessing a comparable classification performance is achievable for the benefit of a significant reduction of training time.

2005

1. A Metric of Trust for Ad-hoc Networks using Direct Source Routing Algorithms

   Umuhoza, Denise, Staudemeyer, Ralf C., and Omlin, Christian W.

   In Proc. of the Southern Africa Telecommunication Networks and Applications Conference (SATNAC), 9p., 2005.

   [Abs] [PDF ⌂] [URL 🡕]

   Security issues and concerns formobile ad-hoc networks have not yet been satisfactorily addressed, let alone solved. New mechanisms have to be designed and implemented in order to secure communications. In this paper, we present our work in progress on the development of a metric of trust for mobile ad-hoc networks. We introduce the routing problem in mobile ad-hoc networks and present our novel solution which has a number of important advantages over existing solutions. We give a detailed discussion of this new metric. The traffic analysis technique we use collects information on patterns of communications and performs a statistical analysis on these traffic patterns. The metric is designed to distinguish between malicious security attacks and benign link faults. It is particularly useful in unobservable networks where nodes do not reveal any valuable information and an attacker is forced to launch active attacks.

2. Attacker models, traffic analysis and privacy threats in IP networks

   Staudemeyer, RC, Umuhoza, D, and Omlin, CW

   In Proc. of the 12th Int. Conf. on Telecommunications (ICT’05), 7p., 2005.

   [Abs] [PDF ⌂] [URL 🡕]

   In this position paper, we present attacker models and discuss threats that attackers pose to privacy in IP Networks. These models abstract from implementation details and network infrastructure. We distinguish between passive and active attacks and discuss solutions that provide protection against such attacks. We conclude that protection against passive attacks can only be guaranteed if we can achieve unobservability of all communication. In a network in which communication is unobservable the only remaining threats are active attacks; these however can be detected and countermeasures can be initiated.

2003

1. Anwendung der Tele-Immersion in Weitverkehrsnetzen

   Olbrich, Stephan, Hege, Hans-Christian, Berg, Alexander, Busch, Hubert, Chmielewski, Karsten, Diekmann, Arnd, Ditschke, Dirk, Einhorn, Ralf, Göthel, Oliver, Heidl, Sebastian, Staudemeyer, Ralf C., and others,

   102p., 2003.

   [PDF ⌂] [URL 🡕]

2002

1. Teleimmersion–Erfahrungen mit der Gigabit-Ethernet-Strecke zwischen Berlin und Hannover

   Busch, Hubert, Heidl, Sebastian, Staudemeyer, Ralf, and Stolle, Manfred

   DFN-Mitteilungen, vol. 58, pp. 7-9, 2002.

   [PDF ⌂] [URL 🡕]
2. Technische Grundlagen des Nomadic Computing

   Staudemeyer, Ralf C.

   Master's thesis, Humboldt-Universität zu Berlin (HUB), 77p., 2002.

   [PDF ⌂] [URL 🡕]

2000

1. Implementation von WAP-Diensten für die SGI/CRAY T3E des ZIB

   Staudemeyer, Ralf C., and Heidl, Sebastian

   vol. 41, 53p., 2000.

   [PDF ⌂] [URL 🡕]