Security

Network Security

We are actively working on security protocols and on methods for authentication as well as access control. To evaluate security properties, we also apply formal methods such as model checking. We work on new protocols, or modifications of existing protocols, that use hardware security chips such as the Trusted Platform Module (TPM) or smart cards.

Protection against DoS Attacks

Today, (Distributed) Denial of Service attacks are a major threat to the Internet. In past years there were attacks against the Internet infrastructure (e.g. the DNS root servers), against various services and companies, and even against private persons using specific services (e.g. Xbox Live). We are researching different ways to mitigate this threat.

Some networks are especially vulnerable to DoS attacks, for example if a core service that other services depend on has only limited capacity. An attack against such a service then also affects all dependent services. We are working on methods to check network and service topologies for such weaknesses.

Defending against an ongoing attack is easier if the defender can flexibly reconfigure the network topology. We are working on virtualization techniques that allow the network to be changed on the fly in order to limit the consequences of an attack.

Another research topic is the defense of HTTP servers by redirecting traffic between the client and multiple proxies, so that the attacker has to spend more resources to cause load on the server.

Honeypots, Malware Analysis and Intrusion Detection

In order to protect networks against Distributed Denial of Service attacks, understanding the mechanisms used to conduct these attacks is crucial.

Our research activities therefore deal with the investigation of malware and botnets. We employ different kinds of honeypots in order to collect worms and other kinds of malware. All collected malware is automatically analyzed in sandbox environments in order to gain knowledge about its functionality and about the botnets that are built with it. The results of our analysis enable us to enhance our traffic analysis and intrusion detection methods.

Network Access Control and Applications of Trusted Computing Technology

We work on authentication and authorization in various areas of networking; Peer-to-Peer networks and other self-organising systems, Web Services, and sensor networks are some examples. Especially in the context of (partially) self-organising systems, we investigate solutions that go beyond a classic X.509 PKI or shared-key infrastructures.

To this end, we develop cryptographic protocols, especially for authentication, and conduct security analyses, for instance by applying model checking. We also adapt applications and services that are not yet protected so that they can use standardized state-of-the-art security solutions (TLS, IPsec, WS-Security, XACML, …).

We also work on security solutions that use Trusted Platform Module (TPM) technology. One use case for the TPM is the secure storage of keys: a key bound to the TPM can be used through the TPM but not exported, so neither users nor attackers who have gained control of the host can copy it to an insecure location and use it to attack the network and its services. We also investigate remote attestation with the help of the TPM. Remote attestation lets a computer prove to another party which bootloader, operating system (OS) version and set of applications were loaded, based on measurements recorded in the TPM's platform configuration registers (PCRs) and signed by a key that never leaves the TPM. The primary use is to prevent worms, trojan horses or users of the system from compromising its security by installing attack software. This is especially useful in business settings where even privileged users could be attackers that need to be stopped. One caveat applies: attestation reports what was measured when the software was loaded, so a component that is compromised at runtime, after its measurement, still attests as clean.
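The following Python sketch is an added example, not code from the chair or from any TPM vendor. It shows the verifier side of such a remote attestation: the PCR extend operation, the replay of the attester's event log against the quoted PCR value, and the failure cases a verifier has to tell apart. The key AK and the HMAC "signature" are assumptions that stand in for the TPM's asymmetric attestation key so the example runs offline; all component names and measurements are constructed.

```python
"""Added example (not the chair's code): what a verifier does with a TPM-style
remote attestation. The TPM does not report a list of loaded software; it keeps
Platform Configuration Registers (PCRs) that software can only *extend*:
    PCR_new = SHA-256(PCR_old || SHA-256(measurement))
so a value can be appended but never removed or rewritten. The attester sends
(a) the event log, i.e. what was loaded and in which order, and (b) a quote: the
final PCR value plus a verifier-chosen nonce, signed by a key that never leaves
the TPM. The verifier replays the log, compares the result with the quoted PCR,
and only then applies policy to the log. Assumption for running offline: an HMAC
with a pre-shared key stands in for the TPM attestation key's signature."""
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR is all-zero after reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: the only way a PCR changes."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def replay_log(log):
    """Recompute the PCR value the event log claims to produce."""
    pcr = PCR_INIT
    for _name, blob in log:
        pcr = extend(pcr, blob)
    return pcr


def quote(pcr: bytes, nonce: bytes, attestation_key: bytes) -> bytes:
    """Attester side. The nonce ties the quote to this request, so an old quote cannot be replayed."""
    return hmac.new(attestation_key, pcr + nonce, hashlib.sha256).digest()


def verify_attestation(log, quoted_pcr, signature, nonce, attestation_key, allowed_digests):
    """Verifier side. Returns (accepted, reason)."""
    if not hmac.compare_digest(signature, quote(quoted_pcr, nonce, attestation_key)):
        return False, "quote signature invalid"
    if replay_log(log) != quoted_pcr:
        return False, "event log does not reproduce quoted PCR"
    # Only now is the log trustworthy; apply the whitelist of known-good components.
    for name, blob in log:
        if hashlib.sha256(blob).hexdigest() not in allowed_digests:
            return False, f"unexpected component loaded: {name}"
    return True, "ok"


# Constructed measurements (in reality: hashes of the actual binaries).
BOOTLOADER, KERNEL, ROOTKIT = b"bootloader v1", b"kernel 4.9", b"rootkit.ko"
ALLOWED = {hashlib.sha256(b).hexdigest() for b in (BOOTLOADER, KERNEL)}
AK = b"demo-attestation-key"  # assumption: stands in for the TPM's attestation key


def demo():
    """Four attestations: clean, infected with an honest log, infected with a
    doctored log, and a quote forged without the attestation key."""
    nonce = b"verifier-nonce-0001"
    clean = [("bootloader", BOOTLOADER), ("kernel", KERNEL)]
    infected = clean + [("module", ROOTKIT)]
    pcr_clean, pcr_infected = replay_log(clean), replay_log(infected)
    return {
        "clean": verify_attestation(clean, pcr_clean, quote(pcr_clean, nonce, AK), nonce, AK, ALLOWED),
        # the log is honest, so policy catches the rootkit
        "infected_honest_log": verify_attestation(infected, pcr_infected, quote(pcr_infected, nonce, AK), nonce, AK, ALLOWED),
        # the rootkit hides its own log entry, but the TPM still quotes the real PCR
        "infected_hidden_log": verify_attestation(clean, pcr_infected, quote(pcr_infected, nonce, AK), nonce, AK, ALLOWED),
        # malware reports a clean PCR but cannot sign it with the TPM's key
        "forged_quote": verify_attestation(clean, pcr_clean, quote(pcr_clean, nonce, b"not-the-ak"), nonce, AK, ALLOWED),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:22s} accepted={ok} ({reason})")
```

With a real TPM 2.0 the quote is a TPM2_Quote structure signed by an attestation key whose certificate chains to the TPM's endorsement key and manufacturer, the nonce is the quote's qualifying data, and the verifier must additionally check that the PCR selection in the quote covers the registers its policy depends on. The order of checks matters: policy is applied to the log only after the signature and the replay have shown that the log is the one the TPM actually measured.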

Scientists: Dr. Fabien Geyer, Dr. Johann Schlamp, Sree Harsha Totakura, M. Sc, Stefan Liebald, M. Sc., Dr. Matthias Wachs, Dr. Marc-Oliver Pahl, Dr. Ralph Holz, Marcel von Maltitz, M. Sc., Maja Sulovic, Prof. Dr.-Ing. Georg Carle, Dr. Cornelius Diekmann, Dipl.-Ing. Univ. Quirin Scheitle, Dr. Holger Kinkelin, Jonas Jelten, Oliver Gasser, M.Sc., Minoo Rouhi, M. Sc., Cora-Lisa Perner, Dr. Heiko Niedermayer

Projects: securemail, DecADe, AutoMon, X-Check, SENDATE, SafeCloud, BaaS, SURF, Peeroskop, IDEM, ResumeNet, AutHoNe, SpoVNet, SASER, EINS, SecFuNet, ANSII

Publications (newest, Full list):

2017-11-01 Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), Community Contribution Award, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-08-01 Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-06-01 Marcel von Maltitz, Cornelius Diekmann, Georg Carle, “Privacy Assessment using Static Taint Analysis (Tool Paper),” in FORTE – 37th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Neuchatel, Switzerland, Jun. 2017. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [Extended version] [DOI] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Patrick Sattler, Georg Carle, “HLOC: Hints-Based Geolocation Leveraging Multiple Measurement Frameworks,” in Network Traffic Measurement and Analysis Conference (TMA), Best Dataset Award, Dublin, Ireland, Jun. 2017. [Pdf] [Slides] [Rawdata] [Arxiv] [Bib]
2017-06-01 Matthias Wachs, Quirin Scheitle, Georg Carle, “Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication,” in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]

Blockchain

Blockchain Technology

Blockchains are one of the most interesting and relevant technologies created in recent years. Their initial purpose was to serve as a non-erasable and tamper-proof ledger for decentralized payment systems. Beyond this application area, Blockchain technology can be used in other kinds of networked systems as a trusted building block, comparable to a secure element in computer hardware.

For this reason, our first research focus is Trustworthy Networked Services based on Blockchain Technology. Furthermore, we perform Behavioral Analysis of Blockchains to better understand their network-related properties. Besides research, Blockchains play an important role in our courses.

Blockchain-Based Trustworthy Networked Services

The first focal point of our activities around Blockchains is the investigation of how Blockchain technology can help to build trustworthy and secure networked services. This includes research on federated identity management across different institutions, and on secure and accountable configuration of networked devices.

Behavioral Analysis of Blockchains

Our chair has a long history in traffic measurement and analysis. Our second research focus on Blockchains is therefore understanding how they behave in networks and which effects they have on the network. To this end, we are currently building tools for our network testbed that allow us to conduct reproducible experiments with different Blockchain implementations in a controlled environment.

Courses

In our lecture on Peer-to-Peer Systems and Security (IN2194) there is currently a large chapter dedicated to this topic. Furthermore, we offer a Blockchain experiment in our lab course iLab2 (IN0012, IN2106, IN2257, IN4097, IN8018). Lastly, we offer topics on the subject in our seminars and pro seminar.

Further Information

You can find further information about our activities on our B²TNS interest group page on this topic.

Scientists: Stefan Liebald, M. Sc., Prof. Dr.-Ing. Georg Carle, Dr. Holger Kinkelin, Dr. Heiko Niedermayer

Projects: DecADe

Privacy

Information Privacy

Privacy is another issue we are working on. This includes privacy in protocol design as well as anonymity on the Internet. Network security in general is related to many of our other research topics: intrusion detection is strongly related to monitoring, and as Peer-to-Peer systems are increasingly used to improve classic client/server systems, securing Peer-to-Peer and other self-organising systems is in our focus.

Data privacy

Besides classical network security, privacy has become an important research topic. We focus on data protection and on controlling data flows during their full life cycle in distributed systems. We therefore investigate which data emerges in cutting-edge technology such as smart buildings or smart cars and assess its criticality with respect to privacy. We then work on solutions for better protecting this information, on making data flows and their processing more transparent to the end user, and on measures that let users stay in control of their own information.

Scientists: Dr. Matthias Wachs, Marcel von Maltitz, M. Sc., Prof. Dr.-Ing. Georg Carle, Dr. Holger Kinkelin, Cora-Lisa Perner, Lukas Schwaighofer, M.Sc., Dr. Heiko Niedermayer

Projects: securemail, DecADe, SafeCloud, IDEM, EINS

Publications (newest, Full list):

2017-06-01 Marcel von Maltitz, Cornelius Diekmann, Georg Carle, “Privacy Assessment using Static Taint Analysis (Tool Paper),” in FORTE – 37th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Neuchatel, Switzerland, Jun. 2017. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [Extended version] [DOI] [Bib]
2016-11-01 Marcel von Maltitz, Cornelius Diekmann, Georg Carle, “Taint Analysis for System-Wide Privacy Audits: A Framework and Real-World Case Studies.” 1st Workshop for Formal Methods on Privacy, Nov-2016. workshop without proceedings [Preprint] [Sourcecode] [Rawdata] [Bib]
2016-09-01 Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016. [Preprint] [Sourcecode] [Bib]
2016-05-01 Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2015-11-01 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib]

Measurements

Traffic Measurement and Analysis

Overview

An important prerequisite for many network operation tasks today is the availability of traffic measurement functions that provide information about the current traffic characteristics with low latency. The resulting measurement data can then be analyzed and interpreted in order to classify the traffic into application classes, to detect malicious activities (e.g., worm outbreaks or botnet traffic), or to detect network malfunctions. Furthermore, the communication patterns observed in a network allow inferring dependencies between different services, which is useful to identify the most critical components and end systems in a network.

Our research work focuses on the development and evaluation of novel passive traffic measurement functions, in particular for real-time packet-level and flow-level measurements, as well as the analysis of packet and flow data for traffic classification and the detection of attacks and anomalies. Furthermore, we contribute to standardization bodies, especially to the IETF.

Packet and Flow-based Traffic Measurement

Packet-based traffic measurements deal with the capturing of traffic traces which contain packet header information and optionally parts of the payload as well. Typical systems performing packet-based traffic measurements are network analyzers and network-based intrusion detection systems which analyze the captured packets directly. However, it is also possible to capture the traffic at routers and network monitors which export the resulting measurement data to a remote analysis system. The IETF standard for the export of packet reports to a remote collector is the PSAMP protocol specified in RFC 5476.

Packet-based traffic measurements in high-speed networks require a lot of computational and memory resources. A less demanding alternative are flow-based traffic measurements, which gather statistics about flows of packets sharing a set of common properties called flow keys. A typical set of flow keys is the IP 5-tuple of transport protocol, source IP address, destination IP address, source port, and destination port; each flow record then carries counters such as packet and byte counts, the timestamps of the first and last packet, and the union of the observed TCP flags. The IETF standard for exporting flow records is the IPFIX protocol, originally specified in RFC 5101 (revised in 2013 as RFC 7011).
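As an added example, and not code from VERMONT or the chair, the following Python script turns a packet stream into 5-tuple flow records the way an IPFIX exporting probe does, including idle-timeout expiry and the pairing of both directions into biflows. The packet trace is constructed; the idle-timeout value, the slack used when pairing directions, and the use of documentation address ranges are assumptions of the example.

```python
"""Added example (not VERMONT or any chair code): aggregating packet headers into
flow records keyed by the IP 5-tuple, the way a PSAMP/IPFIX exporting probe does.
The packets below are constructed; a real probe would read them from libpcap or a
NIC. Assumptions: timestamps are seconds, TCP flags are the raw 8-bit field, and
the idle timeout (seconds without a packet) is the only expiry criterion."""
from collections import namedtuple

Packet = namedtuple("Packet", "ts proto src dst sport dport length tcp_flags")
Flow = namedtuple("Flow", "key first last packets bytes flags")

SYN, ACK, FIN, PSH = 0x02, 0x10, 0x01, 0x08


def flow_key(p):
    """The 5-tuple; same key = same unidirectional flow."""
    return (p.proto, p.src, p.dst, p.sport, p.dport)


def aggregate(packets, idle_timeout=30.0):
    """Fold a time-ordered packet stream into flow records (unidirectional, like IPFIX)."""
    active = {}       # key -> Flow currently being accumulated
    exported = []
    for p in packets:
        k = flow_key(p)
        f = active.get(k)
        if f is not None and p.ts - f.last > idle_timeout:
            exported.append(f)        # idle timeout hit: export and start a new record
            f = None
        if f is None:
            f = Flow(k, p.ts, p.ts, 0, 0, 0)
        active[k] = f._replace(last=p.ts, packets=f.packets + 1,
                               bytes=f.bytes + p.length, flags=f.flags | p.tcp_flags)
    exported.extend(active.values())  # end of trace: flush everything still active
    return exported


def biflows(flows, slack=1.0):
    """Pair each flow with its reverse direction (IPFIX biflow export, RFC 5103).
    Flows pair only if their lifetimes overlap (with some slack for one-packet flows);
    a flow without a matching reverse flow is reported alone."""
    unpaired = sorted(flows, key=lambda f: f.first)
    pairs = []
    while unpaired:
        f = unpaired.pop(0)
        proto, src, dst, sp, dp = f.key
        rev = next((g for g in unpaired
                    if g.key == (proto, dst, src, dp, sp)
                    and g.first <= f.last + slack and g.last + slack >= f.first), None)
        if rev is not None:
            unpaired.remove(rev)
        pairs.append((f, rev))
    return pairs


# Constructed trace: one short HTTP session, one DNS lookup, and a reconnect on the
# same 5-tuple after the idle timeout has expired (documentation address ranges).
C, S, DNS = "192.0.2.5", "198.51.100.7", "192.0.2.1"
SAMPLE = [
    Packet(0.00, 6, C, S, 51000, 80, 60, SYN),
    Packet(0.02, 6, S, C, 80, 51000, 60, SYN | ACK),
    Packet(0.03, 6, C, S, 51000, 80, 52, ACK),
    Packet(0.04, 6, C, S, 51000, 80, 300, PSH | ACK),
    Packet(0.10, 6, S, C, 80, 51000, 1500, PSH | ACK),
    Packet(0.11, 6, C, S, 51000, 80, 52, FIN | ACK),
    Packet(5.00, 17, C, DNS, 40000, 53, 70, 0),
    Packet(5.01, 17, DNS, C, 53, 40000, 150, 0),
    Packet(60.0, 6, C, S, 51000, 80, 60, SYN),
]

if __name__ == "__main__":
    records = aggregate(SAMPLE)
    for f in records:
        print(f.key, f"pkts={f.packets} bytes={f.bytes} flags=0x{f.flags:02x}")
    for fwd, rev in biflows(records):
        print("biflow", fwd.key, "<->", rev.key if rev else "(no reverse flow)")
```

The reconnect at t=60 lands on the same 5-tuple as the first HTTP session but becomes a separate record because the idle timeout expired; without such expiry a probe would silently merge unrelated connections. The flags field is the OR of all flags seen in the flow, which is what later detection stages (e.g. spotting connections that never got past the SYN) rely on.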

Our group is working on advanced monitoring and export functions for PSAMP and IPFIX compliant devices. For evaluation and practical deployment, we implement these advanced functions as software solutions, mainly in C and C++. Most of this implementation work takes place in the scope of the HISTORY project, which is a joint project with the University of Erlangen, aiming at the development of open-source software tools for high-speed network monitoring and analysis. The main software tool developed in this context is VERMONT, which is a modular monitoring probe supporting IPFIX and PSAMP export and collection.

Members of our group have been actively contributing to the standardization of IPFIX and PSAMP. In particular, we are working on a data model for configuring monitoring devices. Further standardization initiatives concern the secure and efficient transport of monitoring data using encryption and compression methods.

Configuration of Monitoring Probes

Attack and Anomaly Detection

The detection of harmful traffic caused by attacks, worms, or botnets is still an important research topic. Although abundant research work has been conducted in this area, the emergence of new security threats (e.g., flux and fast-flux botnets) and the ever-changing characteristics of benign network utilization (e.g., mobile web 2.0 applications) require a continuous research effort.

One of our research activities in this area deals with the investigation of worm and botnet traffic. With the resulting knowledge, we develop innovative monitoring and detection functions which enable the detection of such malicious traffic with limited computational and memory resources. Furthermore, we work on methods for detecting traffic anomalies in flow data. Since many anomalies are the result of harmless traffic variations, the principal objective is to find traffic metrics and detection methods that are primarily sensitive to incidents of potential relevance for the network administrator, rather than to every deviation from the norm.
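The following Python script is an added example, not the chair's detection code, of a flow-based detector built on that principle: it flags horizontal scans from the destination fan-out of a source combined with the share of its TCP flows that never got past the SYN, so a busy but legitimate client does not trigger an alert. The flow records and the thresholds are constructed assumptions.

```python
"""Added example (not the chair's detection code): a scan detector over flow
records. Per source it counts the destination fan-out and the share of TCP
flows that never got past the SYN (flags contain SYN but no ACK, i.e. the
peer never answered or refused). Raising an alert requires both a high
fan-out and a high failure share, so a busy but legitimate client is not
flagged. Flow records are constructed below; in practice they would come
from an IPFIX collector."""
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "src dst proto dport packets flags")
SYN, ACK = 0x02, 0x10


def per_source_stats(flows):
    """Fan-out and handshake-failure counters per source address."""
    stats = defaultdict(lambda: {"flows": 0, "syn_only": 0, "dsts": set()})
    for f in flows:
        s = stats[f.src]
        s["flows"] += 1
        s["dsts"].add(f.dst)
        # A client-side flow that completed the handshake carries SYN and ACK;
        # SYN without ACK means the connection attempt was never answered or was refused.
        if f.proto == 6 and (f.flags & SYN) and not (f.flags & ACK):
            s["syn_only"] += 1
    return stats


def detect_scans(flows, min_fanout=10, min_failed_ratio=0.8):
    """Return (src, fan-out, failed-share) for sources that look like horizontal scanners.
    Both conditions must hold: many distinct destinations *and* mostly failed attempts."""
    alerts = []
    for src, s in per_source_stats(flows).items():
        fanout = len(s["dsts"])
        failed = s["syn_only"] / s["flows"]
        if fanout >= min_fanout and failed >= min_failed_ratio:
            alerts.append((src, fanout, round(failed, 2)))
    return alerts


def make_flows():
    """Constructed records: a scanner probing 20 hosts on port 22, a busy benign
    client with 15 completed connections, and a client with two failed connections."""
    flows = [Flow("192.0.2.66", f"198.51.100.{i}", 6, 22, 1, SYN) for i in range(1, 21)]
    flows += [Flow("192.0.2.5", f"198.51.100.{i}", 6, 443, 12, SYN | ACK) for i in range(1, 16)]
    flows += [Flow("192.0.2.7", "198.51.100.9", 6, 443, 1, SYN),
              Flow("192.0.2.7", "198.51.100.10", 6, 443, 1, SYN),
              Flow("192.0.2.7", "198.51.100.11", 6, 443, 9, SYN | ACK)]
    return flows


if __name__ == "__main__":
    for src, fanout, failed in detect_scans(make_flows()):
        print(f"ALERT possible scan from {src}: {fanout} destinations, {failed:.0%} failed attempts")
```

The busy client reaches 15 destinations, more than the fan-out threshold, but none of its attempts failed, so it stays below the second threshold; the scanner fails all 20. Tuning the two thresholds, and the measurement window the flows are taken from, is what decides how many harmless variations still surface.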

Traffic Classification

Network operators are interested in identifying the traffic of different applications in order to monitor and control the utilization of the available network resources. Since the traffic of many newer applications cannot be identified by specific port numbers, deep packet inspection (DPI) is the current technology of choice. However, DPI is costly, as it requires substantial computational resources as well as up-to-date signatures for all relevant applications. Furthermore, DPI is limited to unencrypted traffic; for encrypted connections only unencrypted handshake metadata, such as the TLS server name, remains visible.

In order to overcome the limitations and drawbacks of port- and content-based traffic classification, the development of statistical classification methods has become an important area of research. As part of the LUPUS project, our goal is to find new traffic properties and metrics that can be derived from passive traffic measurements and that allow us to better distinguish between different protocols and applications. We concentrate on statistical methods that are easy to implement and to deploy in real networks.

Scientists: Dr. Fabien Geyer, Dr. Johann Schlamp, Edwin Cordeiro, M.Sc., Dominik Scholz, M.Sc., Dr. Ralph Holz, Dipl.-Ing. Univ. Quirin Scheitle, Oliver Gasser, M.Sc., Minoo Rouhi, M. Sc., Lukas Schwaighofer, M.Sc., Johannes Naab, M.Sc.

Projects: MOONSHINE, AutoMon, X-Check, SENDATE, I2RS, DFG LUPUS, Vermont, Peeroskop, Diadem Firewall, COST TMA, HISTORY - HIgh Speed neTwork mOnitoRing and analYsis, SASER

Publications (newest, Full list):

2017-11-01 Johanna Amann, Oliver Gasser, Quirin Scheitle, Lexi Brent, Georg Carle, Ralph Holz, “Mission Accomplished? HTTPS Security after DigiNotar,” in Proceedings of the Internet Measurement Conference (IMC 2017), Community Contribution Award, London, UK, Nov. 2017. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2017-09-01 Daniel Raumer, Simon Bauer, Paul Emmerich, Georg Carle, “Performance Implications for Intra-node Placement of Network Function Chains,” in IEEE 6th International Conference on Cloud Networking (CloudNet’17), Prague, Czech Republic, Sep. 2017. [Pdf] [Bib]
2017-08-01 Quirin Scheitle, Matthias Wählisch, Oliver Gasser, Thomas C. Schmidt, Georg Carle, “Towards an Ecosystem for Reproducible Research in Computer Networking,” in ACM SIGCOMM Reproducibility Workshop, Los Angeles, USA, Aug. 2017. [Pdf] [Slides] [Bib]
2017-07-01 Paul Emmerich, Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Georg Carle, “Throughput and Latency of Virtual Switching with Open vSwitch: A Quantitative Analysis,” to appear in Journal of Network and Systems Management, Jul. 2017. [DOI] [Bib]
2017-06-01 Quirin Scheitle, Oliver Gasser, Minoo Rouhi, Georg Carle, “Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew,” in Network Traffic Measurement and Analysis Conference (TMA), Jun. 2017. [Pdf] [Slides] [Rawdata] [Recording] [Arxiv] [Bib]

Sdn

Software Defined Networking

Software-defined networking (SDN) separates networks into a lower-level data plane and a higher-level control plane. The former performs the actual packet forwarding, whereas the latter allows centralized control and management of computer networks. This concept, originally from academia, has gained support from industry, where SDN enables the development of innovative and radically new applications for operators such as data centers or Internet providers.

We apply SDN in different areas of our activity. One area is the development of new concepts that combine security and monitoring with systematic performance analysis of Virtual Network Functions (VNF) and Network Function Chaining (NFC). This includes measuring and modeling virtualization technologies in NFC setups using network functions such as firewalls, load balancers, or deep packet inspection (DPI).

Another area of research is the development of solutions for secure and scalable communication network infrastructures that achieve cost-efficient, energy-efficient, reliable, and stable routing. These developments include flow-based network monitoring and network security applications. The design and development of an observational analysis system for the network's backbone routing is also part of ongoing research; its core components are mechanisms for information fusion and classification that help to understand the impact of SDN on backbone networks.

For research purposes, the chair maintains its own testbed featuring SDN-enabled hardware and software as well as a toolset for high-speed traffic measurements. This testbed allows us to investigate the feasibility of multicore systems for high-speed packet processing. Moreover, we developed methods for the performance evaluation and improvement of packet processing in order to understand the interaction between the various hardware and software components.

Formal Methods for SDN Security Administration (FM-SDN-SA)

One area of our SDN-related research is the application of formal methods to the security administration of Software-Defined Networks. This work has been performed in part in connection with the EU project EINS, the Network of Excellence on Internet Science. A large part of a network's security depends on its configuration and administration: network segmentation and isolation prevent unauthorized access and information leakage. It is a well-known fact in the area of firewalls that configuring and administrating network security policies is an error-prone process.

Our work focuses on two aspects. First, we provide tool support to understand existing legacy network configurations and to migrate them to SDN. Second, we develop methods to ease the inherent management complexity. Both aspects rely on tool support and automation to prevent human error. It is important not to replace human error with errors in our tools; consequently, all our methods are proven correct with machine-checked proofs in the Isabelle/HOL theorem prover.

Aspect one: It is important to understand an existing legacy network configuration before the network can be migrated to SDN. We focus on one specific technology: Linux/netfilter iptables. The iptables firewall is widespread, proven in real-world deployments, and supports many features. Consequently, there are numerous configurations that use a vast number of features, and as many deployments have existed for a long time, many configurations are no longer fully understood by their administrators. We have collected many such configurations and developed scientific methods to understand challenging ones; these methods have a large potential to be applied to other SDN-related network technologies. We provide a formal semantics for iptables packet filtering. On these formal foundations, we provide tools to check compliance with BCP 38 (ingress filtering against source-address spoofing) and to visualize the network access control policies implied by a firewall. Current work includes translating iptables and routing configurations to Open vSwitch in a fully automated and fully machine-verified manner.

Aspect two: The size of access control policies managed by hand grows quadratically with the number of (logical) network participants, so managing them by hand is error-prone; we have shown that even advanced administrators make errors in policies with only ten hosts. To tackle this complexity, we provide management methods on higher abstraction layers. We have presented a full toolchain that automatically translates network security invariants into Open vSwitch and iptables configurations. These high-level security invariants directly encode the scenario-specific security requirements, are modular and composable, and can be securely auto-completed. Managing security invariants instead of low-level access control policies therefore removes inherent complexity and can prevent human error. In addition, our tool can give feedback about the specified invariants and can verify existing configurations, e.g. those obtained with the tools of aspect one, against such invariants.
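As an added example that is not the chair's Isabelle/HOL tooling, the following Python script shows the kind of check aspect one performs for BCP 38, on a deliberately simplified first-match rule language instead of the full iptables semantics: it decides, exhaustively for that language, whether a ruleset can ever accept a packet whose source address does not belong to the interface it arrived on, and shows a flawed ruleset beside a corrected one. The topology, interface names, prefixes and both rulesets are constructed.

```python
"""Added example (not the chair's Isabelle/HOL tooling): a simplified first-match
packet filter and a checker that establishes BCP 38 ingress filtering for it,
i.e. a packet arriving on interface I with a source address outside the prefixes
assigned to I is never accepted, whatever its destination.
Instead of trying all 2^32 addresses, the checker cuts the address space at every
prefix boundary that occurs in the ruleset or in the interface assignment.
Inside one such segment every rule's match result is constant, so testing one
address per segment is exhaustive for this rule language (exact interface match,
CIDR source, CIDR destination, first match wins)."""
import ipaddress as ipa

N = ipa.ip_network


# A rule is (input interface or None, source prefix or None, destination prefix or None, action).
# None means "match anything"; the first matching rule decides, else the default applies.
def first_match(rules, default, iface, src, dst):
    for in_if, s, d, action in rules:
        if in_if is not None and in_if != iface:
            continue
        if s is not None and src not in s:
            continue
        if d is not None and dst not in d:
            continue
        return action
    return default


def segment_representatives(networks):
    """One address per interval of the partition induced by the networks' boundaries."""
    bounds = {0, 2 ** 32}
    for n in networks:
        bounds.add(int(n.network_address))
        bounds.add(int(n.broadcast_address) + 1)
    bounds = sorted(bounds)
    return [ipa.IPv4Address(lo) for lo in bounds[:-1]]


def spoofing_violations(rules, default, assignment):
    """Return (iface, src, dst) triples for which a spoofed source is accepted; [] means compliant."""
    nets = [n for _, s, d, _ in rules for n in (s, d) if n is not None]
    nets += [n for prefixes in assignment.values() for n in prefixes]
    reps = segment_representatives(nets)
    violations = []
    for iface, allowed in assignment.items():
        for src in reps:
            if any(src in a for a in allowed):
                continue                      # legitimate source for this interface
            for dst in reps:
                if first_match(rules, default, iface, src, dst) == "ACCEPT":
                    violations.append((iface, str(src), str(dst)))
    return violations


INTERNAL = N("10.0.0.0/16")
# Constructed topology: two internal LAN interfaces and an uplink. The uplink may carry
# any source except internal addresses (those would be spoofed "martians").
ASSIGNMENT = {
    "eth0": [N("10.0.0.0/24")],
    "eth1": [N("10.0.1.0/24")],
    "wan":  list(N("0.0.0.0/0").address_exclude(INTERNAL)),
}

# Ruleset with a classic mistake: the broad "allow traffic to internal hosts" rule
# matches on any interface, so a spoofed source on eth0, eth1 or wan is accepted.
BAD = [
    ("eth0", N("10.0.0.0/24"), None, "ACCEPT"),
    ("eth1", N("10.0.1.0/24"), None, "ACCEPT"),
    (None,   None,             INTERNAL, "ACCEPT"),
]

# Corrected ruleset: internal interfaces only accept their own prefix, and the uplink
# drops internal source addresses before the broad accept.
GOOD = [
    ("eth0", N("10.0.0.0/24"), None, "ACCEPT"),
    ("eth1", N("10.0.1.0/24"), None, "ACCEPT"),
    ("wan",  INTERNAL,         None, "DROP"),
    ("wan",  None,             INTERNAL, "ACCEPT"),
]

if __name__ == "__main__":
    for name, rules in (("BAD", BAD), ("GOOD", GOOD)):
        v = spoofing_violations(rules, "DROP", ASSIGNMENT)
        print(name, len(v), "violations; first:", v[:3])
```

The interesting property is that the check needs no sampling and no guessing: the boundaries of all prefixes in play define finitely many segments, and the filter cannot distinguish two addresses in the same segment. Real iptables adds features that break this simple argument (negated matches, connection state, user-defined chains with RETURN), which is exactly why the chair's tooling starts from a formal semantics for the full language instead.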

Scientists: Daniel G. Raumer, M.Sc. , Edwin Cordeiro, M.Sc., Dominik Scholz, M.Sc., Paul Emmerich, Maja Sulovic, Prof. Dr.-Ing. Georg Carle, Florian Wohlfart, M.Sc., Dr. Cornelius Diekmann, Jonas Jelten, Lukas Schwaighofer, M.Sc., Dr. Heiko Niedermayer, Sebastian Gallenmüller

Projects: SENDATE, I2RS, SASER, EINS, SecFuNet

Publications (newest, Full list):

2017-07-01 Paul Emmerich, Daniel Raumer, Sebastian Gallenmüller, Florian Wohlfart, Georg Carle, “Throughput and Latency of Virtual Switching with Open vSwitch: A Quantitative Analysis,” to appear in Journal of Network and Systems Management, Jul. 2017. [DOI] [Bib]
2016-10-01 Julius Michaelis, Cornelius Diekmann, “LOFT – Verified Migration of Linux Firewalls to SDN,” Archive of Formal Proofs, Oct. 2016. Formal proof development [Url] [Bib]
2016-09-01 Cornelius Diekmann, Lars Hupel, “Iptables_Semantics,” Archive of Formal Proofs, Sep. 2016. Formal proof development [Url] [Bib]
2016-08-01 Julius Michaelis, Cornelius Diekmann, “Routing,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]
2016-08-01 Cornelius Diekmann, Julius Michaelis, Max Haslbeck, “Simple Firewall,” Archive of Formal Proofs, Aug. 2016. Formal proof development [Url] [Bib]

Fi

Future Internet

The Internet was designed about 40 years ago and was initially intended as a means of communication for a relatively small group of people in academic and research contexts. As we all know, the Internet has meanwhile experienced enormous growth; the number of hosts, and thus the number of users, has grown by several orders of magnitude. At the same time, some assumptions that drove the Internet's original design no longer hold today: an increasing number of end devices are mobile and thus frequently change their location in the topology. Not only some users, but end hosts and even entire networks

Scientists: Sree Harsha Totakura, M. Sc, Stefan Liebald, M. Sc., Edwin Cordeiro, M.Sc., Jan Seeger, Dr. Marc-Oliver Pahl, Benjamin Hof, M.Sc., Jonas Jelten, Dr. Heiko Niedermayer

Projects: SafeCloud, BaaS, ResumeNet, AutHoNe, EINS, SecFuNet, OpenLab-Eclectic

Publications (newest, Full list):

2016-09-01 Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016. [Preprint] [Sourcecode] [Bib]
2016-05-01 Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2015-11-01 Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]
2015-11-01 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib]
2015-06-01 Cornelius Diekmann, Lars Hupel, Georg Carle, “Semantics-Preserving Simplification of Real-World Firewall Rule Sets,” in 20th International Symposium on Formal Methods, Jun. 2015, pp. 195–212. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [DOI] [Bib]

P2p

Peer-to-Peer and Overlay Networks

Overview

Overlay networks impose a structure of their own choosing on top of the underlying network; applications organize and manage their own networks. Peer-to-Peer overlays allow resources at the edges of the network to be utilized, resources from service providers as well as from home users. The decentralized nature of the Peer-to-Peer paradigm enables new ideas, but also leads to additional problems with respect to security and service quality. We research improving resilience with Peer-to-Peer methods, security for overlay networks in general, spontaneous networks, and the optimization of overlay networks using cross-layer information and measurements.

Resilience of P2P Systems

Peer-to-Peer networks provide a diversity of nodes and links that is unknown to the classic client/server Internet. This is beneficial for all services that profit from diversity. In the project ResumeNet we work on improving the resilience of networked services in future networks; the use of Peer-to-Peer methods is our first choice.

We adapted and studied the use of the Kademlia/KAD DHT for service lookup: even when many nodes fail, a lookup can still succeed. A future DNS service could also be made more resilient with this kind of service resilience. Network resilience is based on the idea of using additional overlay routes alongside traditional IP routing: in case of failures or triangle inequality violations, one can use overlay routes to improve performance or to route around failures.

Security and Privacy

Authentication and authorization in Peer-to-Peer systems is usually delegated to a server. We developed new means to overcome this limitation while still providing reasonable security. The idea is to use the social structures of the humans behind the peers to form clusters of nodes that operate as one clique (or domain). The more scalable level of the cliques is then used to build trust between the "servers" of different cliques. As trust establishment needs to deal with not-yet-trusted, potentially insecure cases, we propose to include a risk assessment in the authentication and authorization process; applications can then decide whether to interact in order to build trust or to skip the communication.

We also study attacks on and defenses for Peer-to-Peer systems, in particular the Sybil and Eclipse attacks. The increasing combination of social networks and Peer-to-Peer systems is not only used for security, but is also studied in order to preserve the privacy of users.

Spontaneous Networks

Spontaneous networks are formed on demand to provide a certain functionality for some time. Together with other partners we developed an architecture for such networks in the SpoVNet project. We expect that future services will utilize service-specific networks in a Future Internet; given enough diversity, spontaneous interactions of heterogeneous systems will be a building block in future networks.

Cross-Layer Measurement and Optimization

CLIO and UNISONO are our tools to collect and measure cross-layer information. UNISONO is a generic tool that operates within the system; CLIO adapts spontaneous overlays from the SpoVNet project to UNISONO. In SpoVNet, we use this to optimize multicast and video services.

Combining Server and P2P Infrastructures

The P2P paradigm and the client/server paradigm each have their advantages and disadvantages. The idea here is to benefit from the advantages of both by combining server and P2P systems properly. The project CoSIP improves resilience for VoIP signalling by using a server for performance and a P2P network for resilience when the server is unreachable. In other work we study the interaction of cloud computing and Peer-to-Peer, which may allow normal home users to benefit from the advent of cloud computing and lead to new kinds of applications.

Scientists: Dr. Fabien Geyer, Sree Harsha Totakura, M. Sc, Dr. Matthias Wachs, Dr. Ralph Holz, Dr. Heiko Niedermayer

Projects: ResumeNet, SpoVNet, Multimedia Conferencing, OpenLab-Eclectic

Publications (newest, Full list):

2009-11-01 Ralph Holz, Dirk Haage, “CLIO/UNISONO: Practical Distributed and Overlay-Wide Network Measurement (ext. abstract),” in 4th GI/ITG KuVS Workshop on The Future Internet and 2nd Workshop on Economic Traffic Management (ETM), Zürich, Switzerland, Nov. 2009. [Bib]
2009-11-01 Dirk Haage, Ralph Holz, “Optimization of Distributed Services with UNISONO (ext. abstract),” in GI/ITG KuVS Fachgespräch NGN Service Delivery Platforms & Service Overlay Networks, Berlin, Germany, Nov. 2009. [Bib]
2009-03-01 Dirk Haage, Ralph Holz, Heiko Niedermayer, Pavel Laskov, “CLIO – A Cross-Layer Information Service for Overlay Network Optimization,” in Kommunikation in Verteilten Systemen (KiVS) 2009, Kassel, Germany, Mar. 2009. [Pdf] [Homepage] [Bib]
2007-07-01 Oliver Waldhorst, Roland Bless, Dirk Haage, et. al., “SpoVNet: An Architecture for Supporting Future Internet Applications,” in 7th Würzburg Workshop on IP: Joint EuroFGI and ITG Workshop on "Visions of Future Generation Networks", Würzburg, Germany, Jul. 2007. [Bib]

Selfmgmt

Autonomic Networks / Self-Management

Networks have become ubiquitous in our lives, and humanity depends on the functioning of a multitude of different networks. Even for experts, running these networks manually has become an increasingly difficult task, close to impossible. It is therefore indispensable to increase management automation up to a state of autonomy.

Not only large operator-controlled networks are important; smaller-scale networks are of growing importance too. More and more devices in our houses and our everyday lives have networking capabilities in order to offer advanced functionality.

We target management automation from several directions.

Content-Centric Management for Future Networks

We are currently developing a platform for secure distributed autonomic content-centric management. Our aim is to contribute to the standardization of a network management that meets the requirements of today.

With the rising amount of technical equipment in our daily environments (e.g. at home), autonomic functionality becomes necessary to integrate new hardware automatically. With the abstraction provided by our platform, new applications become possible that make life more agreeable…

Besides the core architecture our special research interests are Remote Access, Trust mechanisms, Security as well as Services and Applications for networks with our new autonomic mechanisms.

Large Multi-technology Operator-controlled Networks

Management of operator networks, especially mobile networks, has grown very complicated for several reasons.

There is an increasing number of access technologies that are used within a single network. Several generations of the same technology have to be seamlessly integrated to provide a consistent user experience, for example the parallel operation of 2G, 3G and 3.5G networks. In the future, additional radio technologies such as LTE or WiMAX will be integrated in the same way. Operators have to handle the large number of Network Elements, but also have to provide a fine-tuned configuration to enable seamless operation between different access networks. In order to handle those heterogeneous multi-vendor networks with their complex interdependencies, new management concepts are required. We focus on providing a system that offers a high degree of automation and aims at autonomic management while still being under full operator control. Operation and maintenance staff should be freed from time-consuming standard tasks to allow them to focus on critical situations and the optimization of the network. In case the automated functions do not act as expected, the operator still has the possibility to overrule the system.

Such an autonomic management system requires a way to include operational experience and the possibility to dynamically adapt to the current context.

Scientists: Marton Kajo, Stefan Liebald, M. Sc., Edwin Cordeiro, M.Sc., Jan Seeger, Dr. Marc-Oliver Pahl, Prof. Dr.-Ing. Georg Carle, Dr. Holger Kinkelin, Jonas Jelten

Projects: AutHoNe

Publications (newest):

2012-10-01 Thomas Kothmayr, Corinna Schmitt, Wen Hu, Michael Bruenig, Georg Carle, “A DTLS Based End-To-End Security Architecture for the Internet of Things with Two-Way Authentication,” in Seventh IEEE International Workshop on Practical Issues in Building Sensor Network Applications (SenseApp), Clearwater (FL), USA, Oct. 2012. [Bib]
2011-11-01 Thomas Kothmayr, Wen Hu, Corinna Schmitt, Michael Brünig, Georg Carle, “Securing the Internet of Things with DTLS,” in Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys), Poster Session, Seattle, USA, Nov. 2011. [Bib]
2011-09-01 Lothar Braun, Corinna Schmitt, Benoit Claise, Georg Carle, “Compressed IPFIX for smart meters in constrained networks.” Internet-Draft (work in progress), draft-braun-core-compressed-ipfix-03.txt, Sep-2011. [Url] [Bib]
2010-09-01 Alexander Klein, Lothar Braun, Corinna Schmitt, Georg Carle, “MAUS: A Multi-hop Autonomous Sensor Network for Monitoring Applications with Full IP-support,” in Proceedings of the 9. GI/ITG KuVS Fachgespräch Sensornetze (FGSN), Würzburg, Germany, Sep. 2010. [Bib]
2010-08-01 Marc-Oliver Pahl, Georg Carle, “Automatic control and Management Platform (ACMP).” Demo at IPTComm 2010, Munich, Germany, Aug-2010. [Url] [Bib]

Wireless Networks

Wireless networks have become ubiquitous. Ranging from large-scale public switched telephone networks down to wireless sensor networks, they have become part of our daily life. The large number of different interconnected networks, network technologies and devices leads to an unprecedented level of heterogeneity and complexity, with strong impacts on management and operation. For us, topics of special interest are autonomic configuration, efficient operation and a high level of security.

Scientists: Maurice Leclaire, M.Sc., Dr.-Ing. Stephan M. Günther

Projects: MOONSHINE, ScaleNet SYMPATHIE, Wireless Sensor Network Research

Publications (newest):

2013-09-01 Tsvetko Tsvetkov, Alexander von Bodisco, Georg Carle, “Optimization of Point-to-Point Communication in Wireless Sensor Networks,” in Proc. 12. GI/ITG KuVS Fachgespräch Sensornetze (FGSN 2013), Cottbus, Germany, Sep. 2013. [Bib]
2012-06-01 Alexander Klein, Lothar Braun, “Performance Study of a Preamble based MAC Protocol in Multi-Hop Wireless Networks,” in IEEE Wireless Advanced (WiAd), London, UK, Jun. 2012. [Bib]
2012-06-01 Alexander Klein, Lothar Braun, Fabian Oehlmann, “Performance Study of the Better Approach to Mobile Adhoc Networking (B.A.T.M.A.N.) Protocol in the Context of Asymmetric Links,” in 4th IEEE WoWMoM Workshop on Hot Topics in Mesh Networking, San Francisco, USA, Jun. 2012. [Bib]
2010-01-22 Marc Fouquet, Christian Hoene, Morten Schläger, Georg Carle, “Data Collection in Future Mobile Networks,” Telecommunication Systems, vol. 48, no. 3-4, Nov. 2011. [Bib]
2009-01-05 Andreas Monger, Marc Fouquet, Christian Hoene, Georg Carle, Morten Schlaeger, “A Metering Infrastructure for Heterogeneous Mobile Networks,” in First International Conference on COMmunication Systems and NETworkS (COMSNETS), Bangalore, India, Jan. 2009. [Pdf] [Bib]

Resilience

By taking part in the EU FP7 project RESUMENET (Resilience and Survivability for future networking: framework, mechanisms and experimental evaluation), our research focus shifted towards more resilience-oriented research questions. One example was applications that remain uninterrupted by changes in location and server due to mobility or failure. Another idea was to use Peer-to-Peer solutions in combination with client-server solutions (CoSIP), using the peers as a fallback. In the EINS network of excellence, we explored the implications of the Internet as critical infrastructure, on the technical side but also addressing the multi-disciplinary aspects of the research problem (e.g. with management sciences and social sciences). Finally, there is some work on network planning and modelling, where we use optimization methods and network calculus.

Scientists: Dr. Johann Schlamp, Maja Sulovic, Minoo Rouhi, M. Sc., Dr. Heiko Niedermayer

Projects: RECODIS, SafeCloud, ResumeNet, EINS

Publications (newest):

2016-05-01 Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2015-11-01 Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]
2015-11-01 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib]
2015-06-01 Cornelius Diekmann, Lars Hupel, Georg Carle, “Semantics-Preserving Simplification of Real-World Firewall Rule Sets,” in 20th International Symposium on Formal Methods, Jun. 2015, pp. 195–212. [Url] [Preprint] [Slides] [Sourcecode] [Rawdata] [DOI] [Bib]
2014-05-01 Cornelius Diekmann, Lars Hupel, Georg Carle, “Directed Security Policies: A Stateful Network Implementation,” in Engineering Safety and Security Systems, Singapore, May 2014, vol. 150, pp. 20–34. [Url] [Pdf] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]