
Prof. rer. nat. Frank Kargl

Prof. Kargl did his PhD in 2003 and his habilitation in 2009 at Ulm University. Before that, he was a co-founder of Arago and responsible for network operation and security in the computing center (KIZ) of Ulm University. From the end of 2009 to the beginning of 2012 he was Associate Professor in the Distributed and Embedded Security (DIES) group at the University of Twente in the Netherlands, and afterwards, until January 2016, adjunct professor there. Since February 2012, Prof. Kargl has been the director of the Institute of Distributed Systems at Ulm University. From October 2013 to September 2016, he served as vice dean of the Faculty of Engineering, Computer Science, and Psychology, and then as dean until September 2018. Prof. Kargl is a member of ACM, IEEE, and the German Informatics Society (GI) and its special interest groups Security and KuVS.

His main research interests are system and network security and technical privacy, in particular in cyber-physical systems that interact with their environment through sensors and actuators. Much of this research addresses automotive systems, Vehicle-to-X (V2X) communication, and Connected, Cooperative, and Automated Mobility (CCAM), where the institute has also contributed to standardization and to implementations in practice. Other research activities deal with the security of networked embedded systems, e.g., Industrial Control Systems (ICS) or building automation systems. For further topics, see the institute's ongoing projects.

Research Interests

  • Security and Privacy in CCAM
    • Trust assessment
  • Safety, Security, and Privacy of Vulnerable Road Users
    • Mountainbike-to-Hiker Warning Systems
  • Network Security and Access Control
    • Zero Trust architectures
  • Privacy
    • Privacy aspects in empirical research
  • and many more

Research Projects

  • bwNET 2.0
  • (2023/01 – 2025/12): Connectivity & Resilience for Automated Driving Functions in Germany. Funding: BMFTR.
  • (2022/09 – 2025/08; completed): Continuous and Efficient Cooperative Trust Management for Resilient CCAM. Funding: Horizon Europe.
  • ReSense (2020/11 – 2023/02; completed): Retrospective Sensor Networks and Edge Computing for Secure Event Detection and Monitoring. Funding: BMBF/DAAD-GERF.
  • SIDGRAPH (2014/08 – 2017/07; completed): Development of scalability and distribution mechanisms for graph-based and event-driven computations and simulations. Funding: Industry project.
  • PRIPARE (2013/10 – 2015/09; completed): Design and implementation of a collaborative web portal for patterns and best practices for privacy.
  • and many more

Service

Current appointments:

  • Academic coordinator for cooperation with German University in Cairo (GUC)
  • Member of the PhD commission (Dr. rer. nat.)
  • Member of joint commission for Computational Science & Engineering (CSE)
  • Speaker of ZaWiW

Expired appointments:

  • Member of the Habilitation commission (Dr. rer. nat.)
  • 2016 - 2018: Dean of the Faculty of Engineering, Computer Science and Psychology
  • 2013 - 2016: Vice-Dean of the Faculty of Engineering, Computer Science and Psychology

Publications

2026

Hermann, A., Remmers, J.N., Eisermann, D., Erb, B. and Kargl, F. 2026. VeReMi NextGen: A Dataset for Evaluating Misbehavior Detection Systems in VANETs. 2026 IEEE Vehicular Networking Conference (VNC) (Montreal, Canada, Jun. 2026).
V2X communication enhances road safety but is vulnerable to data manipulation attacks that could lead to safety-critical incidents, motivating the use of Misbehavior Detection Systems (MDSs). The evaluation of MDSs typically relies on simulated V2X scenarios and attacks. To enable reproducible evaluations, publicly available datasets containing V2X messages are important. Existing datasets have several limitations, including limited attack diversity and missing training/validation/test sets for machine-learning-based MDSs. Therefore, we introduce VeReMi NextGen, generated using the InTAS traffic scenario and Eclipse MOSAIC. The dataset includes urban and highway scenarios, three driver profiles, 15 attack types, and training/validation/test sets, thereby providing significantly broader coverage than previous datasets. The attacks were designed to be more advanced and harder to detect than those in the predecessor VeReMi Extension, as confirmed by an evaluation using a state-of-the-art MDS. Our contribution includes the dataset and a publicly available dataset generator, enabling easy integration of additional attacks and entities, such as vulnerable road users.
Bassi, F., Zhang, J., Jemaa, I.B., Kargl, F. and Erb, B. 2026. Improving Misbehaviour Detection Through Infrastructure Support Without Raising Complexity. 2026 IEEE 103rd Vehicular Technology Conference (VTC2026-Spring) (Jun. 2026).
Ensuring the semantic correctness of exchanged kinematic data is critical for safety-critical Vehicle-to-Everything (V2X) applications. While onboard Misbehaviour Detection (MBD) mechanisms help address this issue, their effectiveness is inherently limited by the vehicle's local view. This work investigates whether lightweight, rule-based MBD can be significantly enhanced through infrastructure support without increasing computational complexity. We adopt a Trust Assessment Framework to control the inclusion of V2X data into the vehicle's Extended Perception Map (EPM), based on trust levels derived from MBD outputs. We compare a standalone setup relying on local evidence only with a federated setup in which the infrastructure aggregates Misbehaviour Reports from multiple vehicles, assesses node trustworthiness, and disseminates this information back to vehicles. Simulation results under kinematic falsification attacks show that the federated setup consistently outperforms the standalone one in filtering altered observations.
Hermann, A., Füllhase, J. and Kargl, F. 2026. Enabling Vulnerability Awareness in V2X Networks Using Encrypted SBOMs. 2026 IEEE Vehicular Networking Conference (VNC) (Montreal, Canada, Jun. 2026).
Trkulja, N., Erb, B. and Kargl, F. 2026. Disbelief-Favouring Trust Discounting for Adversarial Multi-Hop Trust Assessment using Subjective Logic. 2026 29th International Conference on Information Fusion (FUSION) (Trondheim, Norway, Jun. 2026).
Subjective Logic (SL) trust discounting enables trust transitivity along referral paths and is widely applied in distributed cyber-physical systems and ad-hoc networks. When used for adversarial integrity-focused trust assessment, however, established discounting operators exhibit two systematic effects: (i) short chains with conflicting or jointly negative opinions may produce discounted results dominated by uncertainty rather than disbelief; and (ii) under repeated sequential composition, several operators attenuate committed mass multiplicatively, driving uncertainty toward one as path length increases. These behaviors conflict with weakest-link integrity semantics in which a single compromised node should dominate the trust assessment. This paper introduces disbelief-favouring trust discounting (DF), an SL operator that propagates maximum disbelief along a path and redistributes remaining belief–uncertainty mass proportionally. We analyze the structural mechanism underlying uncertainty accumulation in established operators, formalize design requirements for adversarial multi-hop integrity assessment, and evaluate DF against existing operators using controlled synthetic chain experiments and Monte Carlo simulations with probabilistic compromise and detection. Results show that DF avoids uncertainty convergence and improves block-averaged F1 across required trust levels over increasing chain lengths.

2025

Hermann, A., Trkulja, N., Eisermann, D., Erb, B. and Kargl, F. 2025. Hyperparameter Optimization-Based Trust Quantification for Misbehavior Detection Systems. 2025 IEEE International Conference on Intelligent Transportation Systems (Nov. 2025), 2589–2596.
Vehicular communication via V2X networks significantly improves road safety, but is vulnerable to data manipulation, which can lead to serious incidents. To address this threat, misbehavior detection systems (MBDs) have been developed to detect such misbehavior. In order to enhance the detection of data manipulation, trust assessment in V2X networks has recently gained increasing attention. Trust assessment takes into account the output of various security mechanisms such as MBDs or Intrusion Detection Systems (IDSs) to detect misbehavior. One particular challenge in trust assessment is the appropriate quantification of the output of these security mechanisms into trust opinions. In this paper, we propose a trust quantification methodology that transforms the output of an MBD into a subjective logic opinion. Furthermore, we apply a hyperparameter optimization approach to determine the optimal parameter set for an MBD. Our evaluation using three MBD variants shows that the optimization approach significantly increased the detection-performance of all MBDs. The MBD variant that used the optimization approach and our proposed trust quantification methodology achieved the best performance, increasing the F1 score by over 13% compared to other state-of-the-art MBD variants analyzed in this work.
Schoffit, J., Pietzschmann, L., Prechtel, P., Eisermann, D., Wendzel, S. and Kargl, F. 2025. Enhancing client security in zero trust architectures: a device-agent policy enforcement point for compartmentalized network management. Proceedings of the International Conference on Networked Systems 2025 (NetSys 2025) (Technische Universität Ilmenau, 1–4 September 2025), 29–32.
Zero Trust Architectures have recently attracted a lot of interest in the network community. However, access control often does not extend to client devices. In this paper, we propose an extension of Zero Trust Policy Enforcement Points that integrates a device agent to expand the zero trust security model to client devices. We have developed a generalized framework that integrates with multiple compartmentalization technologies, ensuring the isolation of processes and the enforcement of network policies while maintaining application and user authentication. This approach minimizes the attack surface of malicious processes, as our Zero Trust Device Agent manages compartment lifecycles based on their behaviour within the network and integrates into the global access control framework, thereby improving the overall security of zero trust architectures.
Hermann, A., Trkulja, N., Wachter, P., Erb, B. and Kargl, F. 2025. Quantification Methods for Trust in Cooperative Driving. 2025 IEEE Vehicular Networking Conference (Jun. 2025). (acceptance rate: 33%)
Future vehicles and infrastructure will rely on data from external entities such as other vehicles via V2X communication for safety-critical applications. Malicious manipulation of this data can lead to safety incidents. Earlier works proposed a trust assessment framework (TAF) to allow a vehicle or infrastructure node to assess whether it can trust the data it received. Using subjective logic, a TAF can calculate trust opinions for the trustworthiness of the data based on different types of evidence obtained from diverse trust sources. One particular challenge in trust assessment is the appropriate quantification of this evidence. In this paper, we introduce different quantification methods that transform evidence into appropriate subjective logic opinions. We suggest quantification methods for different types of evidence: security reports, misbehavior detection reports, intrusion detection system alerts, GNSS spoofing scores, and system integrity reports. Our evaluations in a smart traffic light system scenario show that the TAF detects attacks with an accuracy greater than 96% and intersection throughput increased by 42% while maintaining safety and security, when using our proposed quantification methods.
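The Subjective Logic machinery behind the trust-discounting entry above (Trkulja et al., FUSION 2026) and the trust quantification work described here, as an added illustration that is not code from either paper: Jøsang's standard mapping of positive/negative evidence counts to a binomial opinion, his uncertainty-favouring discounting operator composed along a referral path, and a projected-probability check against a required level. The evidence counts, path opinions and thresholds are constructed for the example; the papers' own quantification methods and the DF operator itself are not reimplemented. The path scenario shows the weakest-link problem the FUSION paper targets: a strongly distrusted intermediate hop ends up as uncertainty, not disbelief, in the derived opinion.

```python
"""Subjective Logic (SL) building blocks: evidence -> opinion, discounting along a
referral path, and a threshold decision. Added illustration with Jøsang's standard
operators; the cited papers' own methods are not reproduced here."""
from dataclasses import dataclass
from functools import reduce
from typing import Callable, Sequence

W = 2.0  # non-informative prior weight of a binomial opinion


@dataclass(frozen=True)
class Opinion:
    """Binomial opinion (b, d, u, a): belief, disbelief and uncertainty sum to 1;
    a is the base rate (prior) used when projecting to a probability."""
    b: float
    d: float
    u: float
    a: float = 0.5

    def __post_init__(self) -> None:
        if min(self.b, self.d, self.u) < 0 or abs(self.b + self.d + self.u - 1.0) > 1e-9:
            raise ValueError(f"not a valid opinion: {self}")

    def projected(self) -> float:
        """Projected probability P = b + a*u: the scalar compared against a required level."""
        return self.b + self.a * self.u


def from_evidence(positive: int, negative: int, base_rate: float = 0.5) -> Opinion:
    """Standard SL mapping of r positive / s negative observations to an opinion.
    A generic way to turn a detector's plausible/implausible counts into trust;
    the papers' quantification methods are more specific (assumption for illustration)."""
    n = positive + negative + W
    return Opinion(positive / n, negative / n, W / n, base_rate)


def uf_discount(trust: Opinion, referral: Opinion) -> Opinion:
    """Uncertainty-favouring trust discounting: `trust` is A's opinion about referrer B,
    `referral` is B's opinion about the target. A's disbelief in B becomes
    uncertainty about the target; it is not carried forward as disbelief."""
    return Opinion(
        trust.b * referral.b,
        trust.b * referral.d,
        trust.d + trust.u + trust.b * referral.u,
        referral.a,
    )


def along_path(path: Sequence[Opinion],
               op: Callable[[Opinion, Opinion], Opinion] = uf_discount) -> Opinion:
    """path[i] is node i's opinion about node i+1; the last element is about the target."""
    return reduce(op, path)


def weakest_link_disbelief(path: Sequence[Opinion]) -> float:
    """Weakest-link integrity semantics: the most distrusted hop should dominate."""
    return max(o.d for o in path)


def is_trusted(actual: Opinion, required: float) -> bool:
    """Actual trust level (projected probability) must reach the required level."""
    return actual.projected() >= required


if __name__ == "__main__":
    # Constructed scenario: a detector found 18 of 20 messages from a sender plausible.
    sender = from_evidence(18, 2)
    print("sender:", sender, "P =", round(sender.projected(), 3))
    good = Opinion(0.8, 0.1, 0.1)
    for hops in (1, 5, 30):
        print(hops, "hops ->", along_path([good] * hops))
    # One strongly distrusted hop in the middle of an otherwise trusted path.
    path = [good, good, Opinion(0.05, 0.9, 0.05), good, good]
    print("derived d:", round(along_path(path).d, 4),
          "weakest-link d:", weakest_link_disbelief(path))
```

Running the script shows the two effects the FUSION abstract lists: two jointly negative opinions discount to an opinion whose uncertainty exceeds its disbelief, and a chain of moderately trusted hops drives uncertainty toward one as the path grows, while the compromised middle hop (d = 0.9) leaves almost no disbelief in the derived opinion.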
Hermann, A., Trkulja, N., Meißner, E., Erb, B. and Kargl, F. 2025. Demo: Quantifying Trust in a Trust Assessment Framework. 2025 IEEE Vehicular Networking Conference (Jun. 2025).
Vehicular communication via V2X networks increases road safety, but is vulnerable to data manipulation which can lead to serious incidents. Existing security systems, such as misbehavior detection systems, have limitations in detecting and mitigating such threats. To address these challenges, we have implemented a software prototype of a Trust Assessment Framework (TAF) that assesses the trustworthiness of received V2X data by integrating evidence from multiple trust sources. This interactive demonstration illustrates the quantification of trust for a smart traffic light system application. We demonstrate the impact of varying evidence coming from a misbehavior detection system and a security report generator on the trust assessment process. We also showcase internal processing steps within our TAF when receiving new evidence, up to and including the eventual decision making on the trustworthiness of the received V2X data.
Trkulja, N., Hermann, A., Duhr, P.L., Meißner, E., Buchholz, M., Kargl, F. and Erb, B. 2025. Vehicle-to-Everything Trust: Enabling Autonomous Trust Assessment of V2X Data by Vehicles. Proceedings of the 2nd Cyber Security in CarS Workshop (Taipei, Taiwan, 2025). (acceptance rate: 65%)
Connected and automated vehicles rely on data from various entities to support safety-critical applications such as Cooperative Adaptive Cruise Control (CACC). However, unauthorized data manipulation through, for example, data injection attacks can compromise vehicle safety and lead to incidents. Existing vehicular security mechanisms, such as Misbehavior Detection System (MBD), have limitations in detecting and mitigating all types of threats on their own. To address these limitations, our prior work has proposed the concept of a Trust Assessment Framework (TAF), which assesses data trustworthiness by combining evidence from multiple security systems operating as trust sources. However, TAF as a concept has not been extensively evaluated in safety-critical Cooperative Driving (CD) applications. In this work, we refine the architecture of the TAF and implement a software prototype based on it. We integrate the TAF prototype with a CACC simulation environment and implement three types of data injection attacks. We demonstrate that by incorporating multiple security mechanisms as trust sources, the TAF significantly improves attack detection performance and reduces the number of crashes by 86% compared to using a single security mechanism, such as MBD.
Meißner, E., Kargl, F., Erb, B. and Engelmann, F. 2025. PrePaMS: Privacy-Preserving Participant Management System for Studies with Rewards and Prerequisites. Proceedings on Privacy Enhancing Technologies. 2025, 1 (2025), 632–653. (acceptance rate: 30%)
Taking part in surveys, experiments, and studies is often compensated by rewards to increase the number of participants and encourage attendance. While privacy requirements are usually considered for participation, privacy aspects of the reward procedure are mostly ignored. To this end, we introduce PrePaMS, an efficient participation management system that supports prerequisite checks and participation rewards in a privacy-preserving way. Our system organizes participations with potential (dis-)qualifying dependencies and enables secure reward payoffs. By leveraging a set of proven cryptographic primitives and mechanisms such as anonymous credentials and zero-knowledge proofs, participations are protected so that service providers and organizers cannot derive the identity of participants even within the reward process. In this paper, we have designed and implemented a prototype of PrePaMS to show its effectiveness and evaluated its performance under realistic workloads. PrePaMS covers the information whether subjects have participated in surveys, experiments, or studies. When combined with other secure solutions for the actual data collection within these events, PrePaMS can represent a cornerstone for more privacy-preserving empirical research.
Ouattara, K.I., Krontiris, I., Dimitrakos, T., Eisermann, D., Labiod, H. and Kargl, F. 2025. PaTAS: A Framework for Trust Propagation in Neural Networks Using Subjective Logic.
Kleber, S., Eppler, J., Palm, T., Eisermann, D. and Kargl, F. 2025. Assessing the Transferability of Adversarial Patches in Real-World Systems: Implications for Adversarial Testing of Image Recognition Security. 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S) (2025), 42–48.

2024

Bradatsch, L., Hermann, A. and Kargl, F. 2024. Attribute Threat Analysis and Risk Assessment for ABAC and TBAC Systems. In Proceedings of the 21st International Conference on Security and Cryptography (Jul. 2024), 26鈥39.
Hermann, A., Trkulja, N., de Lucena, A.R.F., Kiening, A., Petrovska, A. and Kargl, F. 2024. WIP: A Trust Assessment Method for In-Vehicular Networks using Vehicle Risk Assessment. Symposium on Vehicle Security and Privacy (VehicleSec) 2024 (Feb. 2024).
Ferraz de Lucena, A.R., Hermann, A., Trkulja, N., Kiening, A., Petrovska, A. and Kargl, F. 2024. Required Trustworthiness Level based on Threat Analysis and Risk Assessment (TARA). 2024 IEEE Future Networks World Forum (FNWF) (2024), 519鈥526.
Automated vehicles communicating with each other or their surroundings are expected to exchange a large amount of data. With that, the trustworthiness of a shared data item concerning its integrity is raised, as well as the trustworthiness of a vehicle component not having been tampered with by an attacker. Traditional security mechanisms, such as misbehavior detection, can help identify some security violations but cannot assess the overall consequences of a range of vehicle attacks. For this purpose, previous work has already introduced the Trust Assessment Framework, which computes a target entity's Actual Trustworthiness Level (ATL). This paper focuses on the concept of Required Trustworthiness Level (RTL), which represents the numerical thresholds an ATL needs to reach for an entity to be considered trustworthy. We present a risk-based method to calculate the belief component of an RTL based on the well-established and standardized Threat Analysis and Risk Assessment (TARA). We provide an in-vehicle use case to demonstrate our belief calculation method and discuss the impact of using risk ratings.
Ouattara, K.I., Petrovska, A., Hermann, A., Trkulja, N., Dimitrakos, T. and Kargl, F. 2024. On Subjective Logic Trust Discount for Referral Paths. 2024 27th International Conference on Information Fusion (FUSION) (2024), 1–8.

2023

Bradatsch, L., Miroshkin, O. and Kargl, F. 2023. ZTSFC: A Service Function Chaining-Enabled Zero Trust Architecture. IEEE Access. 11, (2023), 125307–125327.
Recently, zero trust security has received notable attention in the security community. However, while many networks use monitoring and security functions like firewalls, their integration in the design of zero trust architectures remains largely unaddressed. In this article, we contribute with respect to this aspect a novel network security architecture called Zero Trust Service Function Chaining (ZTSFC). With ZTSFC, we achieve three main improvements over zero trust architectures: (1) the zero trust components can directly integrate other monitoring and security functions into their access decisions, (2) an efficient flow of information between zero trust components, monitoring, and security functions are achieved, and (3) ZTSFC improves the performance with respect to hardware load and user experience. As proof of concept, we implemented a publicly available ZTSFC prototype based on HTTPS and the policy language ALFA. Using this prototype, we demonstrate the achievement of all three improvements in representative use cases. In addition, our performance evaluation compares ZTSFC with a regular zero trust network without ZTSFC. The results indicate that ZTSFC can reduce CPU usage by 25% for specific monitoring and security functions in certain scenarios. Overall, we also observed a 30% decrease in the time it takes to access services with ZTSFC.
Bradatsch, L., Miroshkin, O., Trkulja, N. and Kargl, F. 2023. Zero Trust Score-based Network-level Access Control in Enterprise Networks. 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (2023), 1–7.
Zero Trust security has recently gained attention in enterprise network security. One of its key ideas is making network-level access decisions based on trust scores. However, score-based access control in the enterprise domain still lacks essential elements in our understanding, and in this paper, we contribute with respect to three crucial aspects. First, we provide a comprehensive list of 29 trust attributes that can be used to calculate a trust score. By introducing a novel mathematical approach, we demonstrate how to quantify these attributes. Second, we describe a dynamic risk-based method to calculate the trust threshold the trust score must meet for permitted access. Third, we introduce a novel trust algorithm based on Subjective Logic that incorporates the first two contributions and offers fine-grained decision possibilities. We discuss how this algorithm shows a higher expressiveness compared to a lightweight additive trust algorithm. Performance-wise, a prototype of the Subjective Logic-based approach showed similar calculation times for making an access decision as the additive approach. In addition, the dynamic threshold calculation showed only 7% increased decision-making times compared to a static threshold.
Kargl, F., Trkulja, N., Hermann, A., Sommer, F., Ferraz de Lucena, A.R., Kiening, A. and Japs, S. 2023. Securing Cooperative Intersection Management through Subjective Trust Networks. 2023 IEEE 97th Vehicular Technology Conference (VTC2023-Spring) (2023), 1–7.
Connected, Cooperative, and Autonomous Mobility (CCAM) will take intelligent transportation to a new level of complexity. CCAM systems can be thought of as complex Systems-of-Systems (SoSs). They pose new challenges to security as consequences of vulnerabilities or attacks become much harder to assess. In this paper, we propose the use of a specific type of a trust model, called subjective trust network, to model and assess trustworthiness of data and nodes in an automotive SoS. Given the complexity of the topic, we illustrate the application of subjective trust networks on a specific example, namely Cooperative Intersection Management (CIM). To this end, we introduce the CIM use-case and show how it can be modelled as a subjective trust network. We then analyze how such trust models can be useful both for design time and run-time analysis, and how they would allow us a more precise quantitative assessment of trust in automotive SoSs. Finally, we also discuss the open research problems and practical challenges that need to be addressed before such trust models can be applied in practice.
Hermann, A., Wolf, M., Trkulja, N., Jemaa, I.B., Bkakria, A. and Kargl, F. 2023. Privacy of Smart Traffic Lights Systems. 2023 IEEE Vehicular Networking Conference (VNC) (2023), 17鈥24.
Smart traffic lights systems (STLSs) are a promising approach to improve traffic efficiency at intersections. They rely on the information sent by vehicles via C2X communication (like in cooperative awareness messages (CAMs)) at the managed intersection. While there exists a large body of work on privacy-enhancing technologies (PETs) for cooperative Intelligent Transport Systems (cITS) in general, such PETs like changing pseudonyms often impact the performance of cITS applications. This paper analyzes the extent to which different PETs affect the performance of two types of STLSs, a phase-based and a reservation-based STLS. These are implemented in SUMO and combined with four different PETs. Through extensive simulations we then investigate the impact of those PETs on STLS performance metrics like time loss, waiting time, fuel consumption, and average velocity. Our analysis shows that the impact of PETs on performance varies greatly depending on the type of STLS. Finally, we propose a hybrid STLS which is a combination of the two STLS types as a potential solution for limiting the negative impact of PETs on performance.
Trkulja, N., Hermann, A., Petrovska, A., Kiening, A., Ferraz de Lucena, A.R. and Kargl, F. 2023. In-vehicle trust assessment framework. 21st escar Europe: The World's Leading Automotive Cyber Security Conference (Hamburg, 15.-16.11.2023) (2023).
Today's vehicles run various safety-critical applications requiring data input from diverse in-vehicle components. Adaptive Cruise Control (ACC), for example, can rely on the data input from components such as lidar, radar, GNSS, and cameras. Malicious manipulation of any of this data compromises the data integrity and can result in safety incidents or accidents on the road. Security mechanisms like intrusion detection can be in place; however, they cannot reliably assess the consequences of attacks on a system level or for arbitrary subsystems. In this paper, we present a Trust Assessment Framework (TAF) that allows an in-vehicle application in a complex System-of-Systems to assess whether it can trust the integrity of its input data. The TAF assesses the trustworthiness of every component in the data flow chain based on collected evidence. We explain this concept with the example of ACC and showcase two possible implementations of the TAF inside a vehicle.
Bottner, L., Hermann, A., Eppler, J., Thüm, T. and Kargl, F. 2023. Evaluation of Free and Open Source Tools for Automated Software Composition Analysis. Proceedings of the 7th ACM Computer Science in Cars Symposium (Darmstadt, Germany, 2023).
Vulnerable or malicious third-party components introduce vulnerabilities into the software supply chain. Software Composition Analysis (SCA) is a method to identify direct and transitive dependencies in software projects and assess their security risks and vulnerabilities. In this paper, we investigate two open source SCA tools, Eclipse Steady (ES) and OWASP Dependency Check (ODC), with respect to vulnerability detection in Java projects. Both tools use different vulnerability detection methods. ES implements a code-centric and ODC a metadata-based approach. Our study reveals that both tools suffer from false positives. Furthermore, we discover that the success of the vulnerability detection depends on the underlying vulnerability database. Especially ES suffered from false negatives because of the insufficient vulnerability information in the database. While code-centric and metadata-based approaches offer significant potential, they also come with their respective downsides. We propose a hybrid approach assuming that combining both detection methods will lead to less false negatives and false positives.
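What the metadata-based matching discussed in this abstract does, and where its false positives and false negatives come from, as an added illustration in Python (not code from the paper, from Eclipse Steady or from OWASP Dependency-Check): resolved dependency coordinates are compared against advisory records carrying an affected version range. The advisory identifiers, coordinates and versions below are constructed for the example and are not real CVEs or projects. A strict match on group and artifact flags only the truly affected coordinate; a loose match on the artifact name alone also flags a relocated (shaded) copy, which is one way a metadata matcher produces a false positive; and a component whose advisory is missing from the database is never flagged, whichever matching is used, which is the false-negative case the abstract attributes to database gaps.

```python
"""Metadata-based SCA matching against a small, constructed advisory database.
Added illustration; not code from the paper, Eclipse Steady or OWASP Dependency-Check."""
from dataclasses import dataclass


def version_key(v: str) -> tuple:
    """Make '2.14.1' comparable: numeric parts compare numerically, so '1.10' > '1.9'.
    Non-numeric parts sort after numeric ones; pre-release ordering (rc1 < final) is
    deliberately not handled, a real tool needs a full version-scheme parser."""
    return tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # hypothetical identifier, constructed for this example
    group: str
    artifact: str
    introduced: str    # first affected version (inclusive)
    fixed: str         # first fixed version (exclusive)

    def affects(self, group: str, artifact: str, version: str, loose: bool = False) -> bool:
        """Strict: group and artifact must match. Loose: artifact name only, which is how
        relocated/shaded copies of a library turn into false positives."""
        if self.artifact != artifact or (not loose and self.group != group):
            return False
        return version_key(self.introduced) <= version_key(version) < version_key(self.fixed)


def scan(deps, db, loose: bool = False) -> dict:
    """deps: 'group:artifact:version' coordinates, e.g. from a resolved dependency tree.
    Returns {coordinate: [advisory ids]} for every dependency with at least one hit."""
    findings = {}
    for coord in deps:
        group, artifact, version = coord.split(":")
        hits = [a.advisory_id for a in db if a.affects(group, artifact, version, loose)]
        if hits:
            findings[coord] = hits
    return findings


# Constructed advisory database and dependency tree (not real CVEs or projects).
ADVISORIES = [
    Advisory("EX-2023-0001", "org.example", "yaml-parser", "1.0", "1.8.2"),
    Advisory("EX-2023-0002", "org.example", "http-client", "4.0", "4.5.3"),
]
DEPENDENCIES = [
    "org.example:yaml-parser:1.8.1",      # affected: 1.0 <= 1.8.1 < 1.8.2 (true positive)
    "org.example:yaml-parser:1.8.2",      # first fixed version, must not be flagged
    "com.vendor.shaded:yaml-parser:1.2",  # relocated copy, flagged only by loose matching
    "org.example:http-client:4.5.3",      # fixed
    "org.example:xml-util:2.1",           # assumed vulnerable but absent from the DB: false negative
]


def strict_findings() -> dict:
    return scan(DEPENDENCIES, ADVISORIES)


def loose_findings() -> dict:
    return scan(DEPENDENCIES, ADVISORIES, loose=True)


if __name__ == "__main__":
    print("strict:", strict_findings())
    print("loose: ", loose_findings())
```

The strict scan reports one finding, the loose scan two; neither can report the xml-util component, because no record exists for it. That is why the abstract's conclusion that detection quality is bounded by the vulnerability database holds for any metadata matcher, however careful its version comparison.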
Kargl, F., Erb, B. and Bösch, C. 2023. Defining Privacy. Digital Phenotyping and Mobile Sensing: New Developments in Psychoinformatics. C. Montag and H. Baumeister, eds. Springer International Publishing. 461–463.

2022

Kleber, S. and Kargl, F. 2022. Refining Network Message Segmentation with Principal Component Analysis. Proceedings of the tenth annual IEEE Conference on Communications and Network Security (Austin, TX, USA, Oct. 2022).
Reverse engineering of undocumented protocols is a common task in security analyses of networked services. The communication itself, captured in traffic traces, contains much of the necessary information to perform such a protocol reverse engineering. The comprehension of the format of unknown messages is of particular interest for binary protocols that are not human-readable. One major challenge is to discover probable fields in a message as the basis for further analyses. Given a set of messages, split into segments of bytes by an existing segmenter, we propose a method to refine the approximation of the field inference. We use principal component analysis (PCA) to discover linearly correlated variance between sets of message segments. We relocate the boundaries of the initial coarse segmentation to more accurately match with the true fields. We perform different evaluations of our method to show its benefit for the message format inference and subsequent analysis tasks from literature that depend on the message format. We can achieve a median improvement of the message format accuracy across different real-world protocols by up to 100 %.
Kleber, S., Stute, M., Hollick, M. and Kargl, F. 2022. Network Message Field Type Classification and Recognition for Unknown Binary Protocols. Proceedings of the DSN Workshop on Data-Centric Dependability and Security (Baltimore, Maryland, USA, Jun. 2022).
Reverse engineering of unknown network protocols based on recorded traffic traces enables security analyses and debugging of undocumented network services. In particular for binary protocols, existing approaches (1) lack comprehensive methods to classify or determine the data type of a discovered segment in a message, e.g., a number, timestamp, or network address, that would allow for a semantic interpretation and (2) have strong assumptions that prevent analysis of lower-layer protocols often found in IoT or mobile systems. In this paper, we propose the first generic method for analyzing unknown messages from binary protocols to reveal the data types in message fields. To this end, we split messages into segments of bytes and use their vector interpretation to calculate similarities. These can be used to create clusters of segments with the same type and, moreover, to recognize specific data types based on the clusters' characteristics. Our extensive evaluation shows that our method provides precise classification in most cases and a data-type-recognition precision of up to 100% at reasonable recall, improving the state-of-the-art by a factor between 1.3 and 3.7 in realistic scenarios. We open-source our implementation to facilitate follow-up works.
Bradatsch, L., Haeberle, M., Steinert, B., Kargl, F. and Menth, M. 2022. Secure Service Function Chaining in the Context of Zero Trust Security. 2022 IEEE 47th Conference on Local Computer Networks (LCN) (2022), 123–131. (acceptance rate: 24%)
Service Function Chaining (SFC) enables dynamic steering of traffic through a set of service functions based on classification of packets, allowing network operators fine-grained and flexible control of packet flows. New paradigms like Zero Trust (ZT) pose additional requirements to the security of network architectures. This includes client authentication, confidentiality, and integrity throughout the whole network, while also being able to perform operations on the unencrypted payload of packets. However, these requirements are only partially addressed in existing SFC literature. Therefore, we first present a comprehensive analysis of the security requirements for SFC architectures. Based on this analysis, we propose a concept towards the fulfillment of the requirements while maintaining the flexibility of SFC. In addition, we provide and evaluate a proof of concept implementation, and discuss the implications of the design choices.
Kargl, F., Krontiris, I., Weimerskirch, A., Williams, I. and Trkulja, N. 2022. Privacy Protection of Automated and Self-Driving Vehicles (Dagstuhl Seminar 22042). Dagstuhl Reports. 12, 1 (2022), 83鈥100.
This report documents the program and the outcomes of Dagstuhl Seminar 22042 "Privacy Protection of Automated and Self-Driving Vehicles". The Seminar reviewed existing privacy-enhancing technologies, standards, tools, and frameworks for protecting personal information in the context of automated and self-driving vehicles (AVs). We specifically focused on where such existing techniques clash with requirements of an AV and its data processing and identified the major road blockers on the way to deployment of privacy protection in AVs from a legal, technical, business and ethical perspective. Therefore, the seminar took an interdisciplinary approach involving autonomous and connected driving, privacy protection, and legal data protection experts. This report summarizes the discussions and findings during the seminar, includes the abstracts of talks, and includes a report from the working groups.

2021

Erb, B., Bösch, C., Herbert, C., Kargl, F. and Montag, C. 2021. Emerging Privacy Issues in Times of Open Science. (Jun. 2021). PsyArXiv Preprint
The open science movement has taken up the important challenge to increase transparency of statistical analyses, to facilitate reproducibility of studies, and to enhance reusability of data sets. To counter the replication crisis in the psychological and related sciences, the movement also urges researchers to publish their primary data sets alongside their articles. While such data publications represent a desirable improvement in terms of transparency and are also helpful for future research (e.g., subsequent meta-analyses or replication studies), we argue that such a procedure can worsen existing privacy issues that are insufficiently considered so far in this context. Recent advances in de-anonymization and re-identification techniques render privacy protection increasingly difficult, as prevalent anonymization mechanisms for handling participants' data might no longer be adequate. When exploiting publicly shared primary data sets, data from multiple studies can be linked with contextual data and eventually, participants can be de-anonymized. Such attacks can either re-identify specific individuals of interest, or they can be used to de-anonymize entire participant cohorts. The threat of de-anonymization attacks can endanger the perceived confidentiality of responses by participants, and ultimately, lower the overall trust of potential participants into the research process due to privacy concerns.
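The linkage attack the abstract describes, as an added example that is not code from the paper: a published study data set with names removed is joined with a contextual data set on the quasi-identifiers both share, and k-anonymity is checked before and after the quasi-identifiers are generalized. All rows, the column names, the sensitive "score" attribute and the generalization parameters are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed toy data (not from the paper): a published primary data set with
# direct identifiers removed, and a contextual data set an attacker can obtain
# elsewhere (a member list, a social profile) sharing the quasi-identifiers.
PUBLISHED = [
    {"age": 34, "zip": "89081", "gender": "f", "score": 12},
    {"age": 34, "zip": "89081", "gender": "m", "score": 31},
    {"age": 41, "zip": "89073", "gender": "f", "score": 27},
    {"age": 41, "zip": "89073", "gender": "f", "score": 18},
    {"age": 29, "zip": "89075", "gender": "m", "score": 40},
]
CONTEXT = [
    {"name": "A. Adler",  "age": 34, "zip": "89081", "gender": "f"},
    {"name": "B. Bauer",  "age": 34, "zip": "89081", "gender": "m"},
    {"name": "C. Cramer", "age": 41, "zip": "89073", "gender": "f"},
    {"name": "D. Dorn",   "age": 41, "zip": "89073", "gender": "f"},
    {"name": "E. Ebner",  "age": 29, "zip": "89075", "gender": "m"},
    {"name": "F. Frank",  "age": 52, "zip": "89077", "gender": "m"},
]
QI = ("age", "zip", "gender")   # quasi-identifiers present in both data sets


def quasi_key(row, qi=QI):
    return tuple(row[k] for k in qi)


def k_anonymity(rows, qi=QI):
    """Size of the smallest equivalence class over the quasi-identifiers (k = 1: someone is unique)."""
    return min(Counter(quasi_key(r, qi) for r in rows).values())


def link(published, context, qi=QI):
    """Linkage attack: candidate names for every published record."""
    index = defaultdict(list)
    for c in context:
        index[quasi_key(c, qi)].append(c["name"])
    return {i: index.get(quasi_key(p, qi), []) for i, p in enumerate(published)}


def reidentified(published, context, qi=QI):
    """Records whose quasi-identifiers match exactly one known person: name -> sensitive value."""
    return {names[0]: published[i]["score"]
            for i, names in link(published, context, qi).items() if len(names) == 1}


def generalize(row, age_width=20, zip_digits=3):
    """Coarsen quasi-identifiers before publication: age band and ZIP prefix (widths are assumptions)."""
    low = row["age"] - row["age"] % age_width
    return {**row, "age": f"{low}-{low + age_width - 1}", "zip": row["zip"][:zip_digits]}


if __name__ == "__main__":
    print("k before:", k_anonymity(PUBLISHED))                     # 1
    print("re-identified:", reidentified(PUBLISHED, CONTEXT))       # three of five participants
    gen_pub = [generalize(r) for r in PUBLISHED]
    gen_ctx = [generalize(r) for r in CONTEXT]
    reduced_qi = ("age", "zip")                                     # gender suppressed as well
    print("k after:", k_anonymity(gen_pub, reduced_qi))             # 2
    print("re-identified after:", reidentified(gen_pub, gen_ctx, reduced_qi))   # {}
```

On the raw set k = 1: several participants are unique on (age, zip, gender), and three of five records link to exactly one name together with their sensitive score. Banding age, truncating the ZIP code and suppressing gender lifts every equivalence class to at least two members, so no record links uniquely. The check shows the property to test before releasing a primary data set; it is not by itself a sufficient anonymization, since further contextual attributes can re-split the classes.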
Bradatsch, L., Kargl, F. and Miroshkin, O. 2021. Zero Trust Service Function Chaining. Conference on Networked Systems 2021 (NetSys 2021) (2021).
Meißner, E., Kargl, F. and Erb, B. 2021. WAIT: Protecting the Integrity of Web Applications with Binary-Equivalent Transparency. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1950–1953. (acceptance rate: 29%)
Modern single page web applications require client-side executions of application logic, including critical functionality such as client-side cryptography. Existing mechanisms such as TLS and Subresource Integrity secure the communication and provide external resource integrity. However, the browser is unaware of modifications to the client-side application as provided by the server and the user remains vulnerable against malicious modifications carried out on the server side. Our solution makes such modifications transparent and empowers the browser to validate the integrity of a web application based on a publicly verifiable log. Our Web Application Integrity Transparency (WAIT) approach requires (1) an extension for browsers for local integrity validations, (2) a custom HTTP header for web servers that host the application, and (3) public log servers that serve the verifiable logs. With WAIT, the browser can disallow the execution of undisclosed application changes. Also, web application providers cannot dispute their authorship for published modifications anymore. Although our approach cannot prevent every conceivable attack on client-side web application integrity, it introduces a novel sense of transparency for users and an increased level of accountability for application providers particularly effective against targeted insider attacks.
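An added example, not the WAIT implementation, of the mechanism the abstract outlines: the server announces the digest of the bundle it ships in a custom header, a public log keeps an append-only Merkle tree over all published bundle digests, and the browser-side check accepts a bundle only if it matches the header and carries a valid inclusion proof against a log root the browser obtained independently of the server. The header name X-WAIT-Digest, the RFC 6962 style leaf/node hashing and the bundle contents are assumptions.

```python
import hashlib


def _leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()        # leaf/node prefixes as in RFC 6962


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly below n: size of the left subtree."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves):
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return _leaf_hash(leaves[0])
    k = _split(len(leaves))
    return _node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves, index):
    """Sibling hashes from the leaf up to the root, each tagged with the side it sits on."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [("right", merkle_root(leaves[k:]))]
    return inclusion_proof(leaves[k:], index - k) + [("left", merkle_root(leaves[:k]))]


def verify_inclusion(leaf: bytes, proof, root: bytes) -> bool:
    h = _leaf_hash(leaf)
    for side, sibling in proof:
        h = _node_hash(sibling, h) if side == "left" else _node_hash(h, sibling)
    return h == root


class TransparencyLog:
    """Public append-only log of bundle digests; anyone can fetch the root and proofs."""

    def __init__(self):
        self.leaves = []

    def publish(self, bundle: bytes) -> int:
        self.leaves.append(hashlib.sha256(bundle).digest())
        return len(self.leaves) - 1

    def root(self) -> bytes:
        return merkle_root(self.leaves)

    def proof_for(self, digest: bytes):
        if digest not in self.leaves:
            return None
        return inclusion_proof(self.leaves, self.leaves.index(digest))


def serve(bundle: bytes):
    """Web server side: the body plus the (assumed) header naming the digest it claims to ship."""
    return bundle, {"X-WAIT-Digest": hashlib.sha256(bundle).hexdigest()}


def browser_validate(body: bytes, headers: dict, log: TransparencyLog, trusted_root: bytes) -> bool:
    """Extension side: the body must match the header, and its digest must be provably in the
    log under a root the browser learned out of band (gossip, signed tree head), not from the server."""
    digest = hashlib.sha256(body).digest()
    if headers.get("X-WAIT-Digest") != digest.hex():
        return False                                        # body differs from what was announced
    proof = log.proof_for(digest)
    return proof is not None and verify_inclusion(digest, proof, trusted_root)


if __name__ == "__main__":
    log = TransparencyLog()
    for version in (b"app.js v1", b"app.js v2"):
        log.publish(version)
    root = log.root()                                       # what the browser pins independently
    print("published v2:", browser_validate(*serve(b"app.js v2"), log, root))        # True
    backdoored = b"app.js v2" + b";exfiltrate()"
    print("undisclosed change:", browser_validate(*serve(backdoored), log, root))    # False
```

The insider's two options both fail: editing the bundle without touching the header breaks the digest comparison, and re-announcing the edited bundle leaves it without a log entry. A colluding log that quietly appends the backdoored digest produces proofs against a different root than the one the browser pinned, which is why the root must not come from the same server that ships the bundle.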
Meißner, E., Engelmann, F., Kargl, F. and Erb, B. 2021. PeQES: A Platform for Privacy-Enhanced Quantitative Empirical Studies. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1226–1234. (acceptance rate: 29%)
Empirical sciences and in particular psychology suffer a methodological crisis due to the non-reproducibility of results, and in rare cases, questionable research practices. Pre-registered studies and the publication of raw data sets have emerged as effective countermeasures. However, this approach represents only a conceptual procedure and may in some cases exacerbate privacy issues associated with data publications. We establish a novel, privacy-enhanced workflow for pre-registered studies. We also introduce PeQES, a corresponding platform that technically enforces the appropriate execution while at the same time protecting the participants' data from unauthorized use or data repurposing. Our PeQES prototype proves the overall feasibility of our privacy-enhanced workflow while introducing only a negligible performance overhead for data acquisition and data analysis of an actual study. Using trusted computing mechanisms, PeQES is the first platform to enable privacy-enhanced studies, to ensure the integrity of study protocols, and to safeguard the confidentiality of participants' data at the same time.
Al-Momani, A., Wuyts, K., Sion, L., Kargl, F., Joosen, W., Erb, B. and Bösch, C. 2021. Land of the Lost: Privacy Patterns' Forgotten Properties: Enhancing Selection-Support for Privacy Patterns. Proceedings of the 36th Annual ACM Symposium on Applied Computing (Virtual Event, Republic of Korea, 2021), 1217–1225. (acceptance rate: 29%)
Privacy patterns describe core aspects of privacy-enhancing solutions to recurring problems and can, therefore, be instrumental to the privacy-by-design paradigm. However, the privacy patterns domain is still evolving. While the main focus is currently put on compiling and structuring high-quality privacy patterns in catalogs, the support for developers to select suitable privacy patterns is still limited. Privacy patterns selection-support means, in essence, the quick and easy scoping of a collection of patterns to the most applicable ones based on a set of predefined criteria. To evaluate patterns against these criteria, a thorough understanding of the privacy patterns landscape is required. In this paper, (i) we show that there is currently a lack of extensive support for privacy patterns selection due to the insufficient understanding of pattern properties, (ii) we propose additional properties that need to be analyzed and can serve as a first step towards a robust selection criteria, (iii) we analyze and present the properties for 70 privacy patterns, and (iv) we discuss a potential approach of how such a selection-support method can be realized.
Kröll, T., Kleber, S., Kargl, F., Hollick, M. and Classen, J. 2021. ARIstoteles - Dissecting Apple's Baseband Interface. Proceedings of the European Symposium on Research in Computer Security (2021).
Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance and security research. Yet, iPhones were never intended to be used as a research platform, and chips and interfaces are undocumented. One protocol to interface with such chips is Apple Remote Invocation (ARI), which interacts with the central phone component CommCenter and multiple user-space daemons, thereby posing a Remote Code Execution (RCE) attack surface. We are the first to reverse-engineer and fuzz-test the ARI interface on iOS. Our Ghidra scripts automatically generate a Wireshark dissector, called ARIstoteles, by parsing closed-source iOS libraries for this undocumented protocol. Moreover, we compare the quality of the dissector to fully-automated approaches based on static trace analysis. Finally, we fuzz the ARI interface based on our reverse-engineering results. The fuzzing results indicate that ARI does not only lack public security research but also has not been well-tested by Apple. By releasing ARIstoteles open-source, we also aim to facilitate similar research in the future.

2020

Kleber, S., Heijden, R.W. van der and Kargl, F. 2020. Message Type Identification of Binary Network Protocols using Continuous Segment Similarity. Proceedings of the Conference on Computer Communications (2020).
Protocol reverse engineering based on traffic traces infers the behavior of unknown network protocols by analyzing observable network messages. To perform correct deduction of message semantics or behavior analysis, accurate message type identification is an essential first step. However, identifying message types is particularly difficult for binary protocols, whose structural features are hidden in their densely packed data representation. In this paper, we leverage the intrinsic structural features of binary protocols and propose an accurate method for discriminating message types. Our approach uses a continuous similarity measure by comparing feature vectors where vector elements correspond to the fields in a message, rather than discrete byte values. This enables a better recognition of structural patterns, which remain hidden when only exact value matches are considered. We combine Hirschberg alignment with DBSCAN as cluster algorithm to yield a novel inference mechanism. By applying novel autoconfiguration schemes, we do not require manually configured parameters for the analysis of an unknown protocol, as required by earlier approaches. Results of our evaluations show that our approach has considerable advantages in message type identification result quality but also execution performance over previous approaches.

2019

Kleber, S. and Kargl, F. 2019. Poster: Network Message Field Type Recognition. Proceedings of the 26th Conference on Computer and Communications Security (London, UK, Nov. 2019), 2581–2583.
Kargl, F., van der Heijden, R.W., Erb, B. and Bösch, C. 2019. Privacy in mobile sensing. Digital Phenotyping and Mobile Sensing. H. Baumeister and C. Montag, eds. Springer. 3–12.
In this chapter, we discuss the privacy implications of mobile sensing and modern psycho-social sciences. We aim to raise awareness of the multifaceted nature of privacy, describing the legal, technical and applied aspects in some detail. Not only since the European GDPR, these aspects lead to a broad spectrum of challenges from which data processors cannot be absolved by a simple consent form from their users. Instead, appropriate technical and organizational measures should be put in place through a proper privacy engineering process. Throughout the chapter, we illustrate the importance of privacy protection through a set of examples and also technical approaches to address these challenges. We conclude this chapter with an outlook on privacy in mobile sensing, digital phenotyping, and psychoinformatics.
Kopp, H., Mödinger, D., Hauck, F.J. and Kargl, F. 2019. Cryptographic design of PriCloud, a privacy-preserving decentralized storage with remuneration. IEEE Trans. on Dep. and Sec. Comp. 18, 4 (2019), 1908–1919.
Over the last years, demand for file hosting has sky-rocketed due to cost reductions and availability of services. However, centralized providers have a negative impact on the privacy of their users, since they are able to read and collect various data about their users and even link it to their identity via their payments. On the other hand, decentralized storage solutions like GNUnet suffer from a lack of participation by providers, since there is no feasible business model. We propose PriCloud, a decentralized storage system which allows users to pay their storage providers without sacrificing their privacy by employing anonymous storage smart contracts and private payments on a blockchain. We are able to provide privacy to the users and storage providers, and unlinkability between users and files. Our system offers decentralized file storage including strong privacy guarantees and built-in remuneration for storage providers.

2018

Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. A Flexible Network Approach to Privacy of Blockchain Transactions. 38th IEEE Int. Conf. on Distrib. Comp. Sys. (Vienna, Jul. 2018), 1486–1491.
For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. However, these mechanisms often take only the abstraction layer of blockchains into account, whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficiency requirements of different blockchain use cases.
Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. Towards Enhanced Network Privacy for Blockchains. Short research statement for the DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB) (Luxembourg, Jun. 2018).
Privacy aspects of blockchains have gained attention as the log of transactions can be viewed by any interested party. Privacy mechanisms applied to the ledger can be undermined by attackers on the network level, resulting in deanonymization of the transaction senders. We discuss current approaches to this problem, e.g. Dandelion, sketch our own approach to provide even stronger privacy mechanisms and discuss the challenges and open questions for further research in this area.
Lukaseder, T., Maile, L., Erb, B. and Kargl, F. 2018. SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks. Proceedings of the 14th EAI International Conference on Security and Privacy in Communication Networks. (Singapore, 2018), 102–121.
Slow-running attacks against network applications are often not easy to detect, as the attackers behave according to the specification. The servers of many network applications are not prepared for such attacks, either due to missing countermeasures or because their default configurations ignore such attacks. The pressure to secure network services against such attacks is shifting more and more from the service operators to the network operators of the servers under attack. Recent technologies such as software-defined networking offer the flexibility and extensibility to analyze and influence network flows without the assistance of the target operator. Based on our previous work on a network-based mitigation, we have extended a framework to detect and mitigate slow-running DDoS attacks within the network infrastructure, but without requiring access to servers under attack. We developed and evaluated several identification schemes to identify attackers in the network solely based on network traffic information. We showed that by measuring the packet rate and the uniformity of the packet distances, a reliable identifier can be built, given a training period in the deployment network.
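The two features the abstract names, packet rate and uniformity of the packet distances, as an added example that is not the paper's framework: per-source timestamps are turned into (rate, coefficient of variation of the inter-packet gaps), thresholds are learned from benign flows during a training period, and a flow is flagged only when it is both slower and more regular than anything seen in training. The timestamps, the 0.1 safety margin and the minimum flow length are constructed assumptions.

```python
import statistics

# Constructed per-source packet timestamps in seconds (not a real capture).
# Browsers burst; a chat client is slow but irregular; a slowloris-style client
# dribbles one header line at a fixed interval to hold the connection open.
FLOWS = {
    "browser-1":   [0.0, 0.01, 0.03, 0.04, 0.9, 0.92, 1.5, 1.51, 1.52, 3.0],
    "browser-2":   [0.0, 0.2, 0.21, 0.25, 1.1, 1.12, 2.4, 2.41],
    "chat-client": [0.0, 7.3, 9.1, 21.0, 22.2, 40.5],
    "slowloris-1": [0.0, 10.0, 20.01, 29.99, 40.0, 50.02, 60.0],
    "slowloris-2": [0.0, 5.0, 10.0, 15.0, 20.0, 25.0],
    "single-syn":  [0.0],
}
TRAINING_BENIGN = ["browser-1", "browser-2"]     # flows observed during the training period


def flow_features(timestamps, min_packets=4):
    """(packet rate, coefficient of variation of inter-packet gaps), or None if the flow is
    too short to judge. CV near zero means the sender is a metronome, not a user."""
    if len(timestamps) < min_packets:
        return None
    ts = sorted(timestamps)
    duration = ts[-1] - ts[0]
    if duration <= 0:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean_gap = statistics.fmean(gaps)
    cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
    return len(ts) / duration, cv


def learn_thresholds(flows, benign_ids, margin=0.1):
    """Training period: a flow is suspicious only if it is slower AND more regular than every
    benign flow seen, with a safety margin (the factor 0.1 is an assumption for this example)."""
    feats = [f for f in (flow_features(flows[i]) for i in benign_ids) if f]
    return margin * min(r for r, _ in feats), margin * min(c for _, c in feats)


def identify_slow_attackers(flows, thresholds):
    """Return the ids of flows below both learned thresholds, in sorted order."""
    rate_limit, cv_limit = thresholds
    flagged = []
    for fid, ts in flows.items():
        f = flow_features(ts)
        if f and f[0] < rate_limit and f[1] < cv_limit:
            flagged.append(fid)
    return sorted(flagged)


if __name__ == "__main__":
    thresholds = learn_thresholds(FLOWS, TRAINING_BENIGN)
    print("thresholds (rate, cv):", thresholds)
    for fid, ts in FLOWS.items():
        print(fid, flow_features(ts))
    print("flagged:", identify_slow_attackers(FLOWS, thresholds))   # slowloris-1, slowloris-2
```

Rate alone would also catch the chat client; the uniformity term is what separates a patient human from a script that times its keep-alive fragments. A flow with fewer than four packets yields no feature vector and is never flagged, which keeps one-off scans from polluting the training data.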
Meißner, E., Erb, B., Kargl, F. and Tichy, M. 2018. retro-λ: An Event-sourced Platform for Serverless Applications with Retroactive Computing Support. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 76–87. (acceptance rate: 39%)
State changes over time are inherent characteristics of stateful applications. So far, there are almost no attempts to make the past application history programmatically accessible or even modifiable. This is primarily due to the complexity of temporal changes and a difficult alignment with prevalent programming primitives and persistence strategies. Retroactive computing enables powerful capabilities though, including computations and predictions of alternate application timelines, post-hoc bug fixes, or retroactive state explorations. We propose an event-driven programming model that is oriented towards serverless computing and applies retroaction to the event sourcing paradigm. Our model is deliberately restrictive, but therefore keeps the complexity of retroactive operations in check. We introduce retro-λ, a runtime platform that implements the model and provides retroactive capabilities to its applications. While retro-λ only shows negligible performance overheads compared to similar solutions for running regular applications, it enables its users to execute retroactive computations on the application histories as part of its programming model.
Meißner, E., Erb, B. and Kargl, F. 2018. Performance Engineering in Distributed Event-sourced Systems. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 242–245. (acceptance rate: 39%)
Distributed event-sourced systems adopt a fairly new architectural style for data-intensive applications that maintains the full history of the application state. However, the performance implications of such systems are not yet well explored, let alone how the performance of these systems can be improved. A central issue is the lack of systematic performance engineering approaches that take into account the specific characteristics of these systems. To address this problem, we suggest a methodology for performance engineering and performance analysis of distributed event-sourced systems based on specific measurements and subsequent, targeted optimizations. The methodology blends in well into existing software engineering processes and helps developers to identify bottlenecks and to resolve performance issues. Using our structured approach, we improved an existing event-sourced system prototype and increased its performance considerably.
Erb, B., Meißner, E., Ogger, F. and Kargl, F. 2018. Log Pruning in Distributed Event-sourced Systems. Proceedings of the 12th ACM International Conference on Distributed and Event-based Systems (Hamilton, New Zealand, 2018), 230–233. (acceptance rate: 39%)
Event sourcing is increasingly used and implemented in event-based systems for maintaining the evolution of application state. However, unbounded event logs are impracticable for many systems, as it is difficult to align scalability requirements and long-term runtime behavior with the corresponding storage requirements. To this end, we explore the design space of log pruning approaches suitable for event-sourced systems. Furthermore, we survey specific log pruning mechanisms for event-sourced logs. In a brief evaluation, we point out the trade-offs when applying pruning to event logs and highlight the applicability of log pruning to event-sourced systems.
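One added example serving the two abstracts above on retroactive computing (retro-λ) and on log pruning; it is not code from either paper. An account is modeled as an event log folded by a pure transition function, a retroactive insertion yields an alternate timeline without touching the original log, and pruning folds old events into a snapshot, which is exactly where retroaction loses its reach. Event kinds, amounts and timestamps are constructed.

```python
from dataclasses import dataclass


@dataclass(order=True, frozen=True)
class Event:
    ts: float
    kind: str
    amount: int


INITIAL = {"balance": 0, "overdrafts": 0}


def apply_event(state: dict, ev: Event) -> dict:
    """Pure transition function: the only place domain logic lives, so every replay agrees."""
    balance = state["balance"]
    if ev.kind == "deposit":
        balance += ev.amount
    elif ev.kind == "withdraw":
        balance -= ev.amount
    else:
        raise ValueError(f"unknown event kind {ev.kind!r}")
    return {"balance": balance,
            "overdrafts": state["overdrafts"] + (1 if balance < 0 else 0)}


def replay(log, start=INITIAL) -> dict:
    state = dict(start)
    for ev in sorted(log):
        state = apply_event(state, ev)
    return state


def timeline(log, start=INITIAL):
    """State after each event, oldest first: what a retroactive query inspects."""
    out, state = [], dict(start)
    for ev in sorted(log):
        state = apply_event(state, ev)
        out.append((ev.ts, dict(state)))
    return out


def retroactive_insert(log, new_event: Event, snapshot_ts=None):
    """Alternate timeline with an event placed in the past; the original log is left untouched.
    Once a log has been pruned, history before the snapshot no longer exists, so inserting
    there is refused rather than silently computed against an incomplete past."""
    if snapshot_ts is not None and new_event.ts <= snapshot_ts:
        raise ValueError("cannot retroact before the pruning snapshot")
    return sorted(log + [new_event])


def prune(log, upto_ts):
    """Fold every event up to upto_ts into a snapshot state and drop those events."""
    old = [e for e in log if e.ts <= upto_ts]
    return replay(old), sorted(e for e in log if e.ts > upto_ts)


# Constructed ledger history (not from the papers).
LOG = [Event(1, "deposit", 100), Event(2, "withdraw", 80),
       Event(3, "withdraw", 50), Event(4, "deposit", 200)]

if __name__ == "__main__":
    print("actual:", replay(LOG))                                        # balance 170, one overdraft
    missed = Event(2.5, "deposit", 40)                                    # a deposit that was never recorded
    print("with missed deposit:", replay(retroactive_insert(LOG, missed)))   # balance 210, no overdraft
    snapshot, rest = prune(LOG, 2)
    print("snapshot:", snapshot, "remaining events:", len(rest))
    print("replay from snapshot:", replay(rest, snapshot))               # equals the full replay
```

Replaying the pruned log from its snapshot reproduces the full replay, which is the correctness condition any pruning scheme must keep. The price is visible in retroactive_insert: an event dated before the snapshot can no longer be placed, so the retention horizon is a design decision, not just a storage knob.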
Erb, B., Meißner, E., Kargl, F., Steer, B.A., Cuadrado, F., Margan, D. and Pietzuch, P. 2018. Graphtides: A Framework for Evaluating Stream-Based Graph Processing Platforms. Proceedings of the 1st ACM SIGMOD Joint International Workshop on Graph Data Management Experiences & Systems (GRADES) and Network Data Analytics (NDA) (Houston, Texas, 2018). (acceptance rate: 38%)
Stream-based graph systems continuously ingest graph-changing events via an established input stream, performing the required computation on the corresponding graph. While there are various benchmarking and evaluation approaches for traditional, batch-oriented graph processing systems, there are no common procedures for evaluating stream-based graph systems. We, therefore, present GraphTides, a generic framework which includes the definition of an appropriate system model, an exploration of the parameter space, suitable workloads, and computations required for evaluating such systems. Furthermore, we propose a methodology and provide an architecture for running experimental evaluations. With our framework, we hope to systematically support system development, performance measurements, engineering, and comparisons of stream-based graph systems.
Lukaseder, T., Stölze, K., Kleber, S., Erb, B. and Kargl, F. 2018. An SDN-based Approach for Defending Against Reflective DDoS Attacks. 2018 IEEE 43rd Conference on Local Computer Networks (2018). (acceptance rate: 28%)
Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.

2017

Erb, B., Meißner, E., Habiger, G., Pietron, J. and Kargl, F. 2017. Consistent Retrospective Snapshots in Distributed Event-sourced Systems. Conference on Networked Systems (NetSys'17) (Göttingen, Germany, Mar. 2017).
An increasing number of distributed, event-based systems adopt an architectural style called event sourcing, in which entities keep their entire history in an event log. Event sourcing enables data lineage and allows entities to rebuild any previous state. Restoring previous application states is a straight-forward task in event-sourced systems with a global and totally ordered event log. However, the extraction of causally consistent snapshots from distributed, individual event logs is rendered non-trivial due to causal relationships between communicating entities. High dynamicity of entities increases the complexity of such reconstructions even more. We present approaches for retrospective and global state extraction of event-sourced applications based on distributed event logs. We provide an overview on historical approaches towards distributed debugging and breakpointing, which are closely related to event log-based state reconstruction. We then introduce and evaluate our approach for non-local state extraction from distributed event logs, which is specifically adapted for dynamic and asynchronous event-sourced systems.
Kopp, H., Mödinger, D., Hauck, F.J., Kargl, F. and Bösch, C. 2017. Design of a Privacy-Preserving Decentralized File Storage with Financial Incentives. IEEE Sec. & Priv. on the Blockch. (aff. w/ EUROCRYPT) (Paris, 2017).
Surveys indicate that users are often afraid to entrust data to cloud storage providers, because these do not offer sufficient privacy. On the other hand, peer-to-peer-based privacy-preserving storage systems like Freenet suffer from a lack of contribution and storage capacity, since there is basically no incentive to contribute own storage capacity to other participants in the network. We address these contradicting requirements by a design which combines a distributed storage with a privacy-preserving blockchain-based payment system to create incentives for participation while maintaining user privacy. By following a Privacy-by-Design strategy integrating privacy throughout the whole system life cycle, we show that it is possible to achieve levels of privacy comparable to state-of-the-art distributed storage technologies, despite integrating a payment mechanism. Our results show that it is possible to combine storage contracts and payments in a privacy-preserving way. Further, our system design may serve as an inspiration for future similar architectures.
Erb, B., Meißner, E., Pietron, J. and Kargl, F. 2017. Chronograph: A Distributed Processing Platform for Online and Batch Computations on Event-sourced Graphs. Proceedings of the 11th ACM International Conference on Distributed and Event-Based Systems (Barcelona, Spain, 2017), 78–87. (acceptance rate: 37%)
Several data-intensive applications take streams of events as a continuous input and internally map events onto a dynamic, graph-based data model which is then used for processing. The differences between event processing, graph computing, as well as batch processing and near-realtime processing yield a number of specific requirements for computing platforms that try to unify these approaches. By combining an altered actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model, we propose a distributed computing platform that supports event-driven, graph-based applications in a single platform. Our Chronograph platform concept enables online and offline computations on event-driven, history-aware graphs and supports different processing models on the evolving graph.
Bradatsch, L., Lukaseder, T. and Kargl, F. 2017. A Testing Framework for High-Speed Network and Security Devices. 2017 IEEE 42nd Conference on Local Computer Networks (LCN) (2017), 506鈥509.

2016

Erb, B. and Kargl, F. 2016. Chronograph: A Distributed Platform for Event-Sourced Graph Computing. Proceedings of the Posters and Demos Session of the 17th International Middleware Conference (Trento, Italy, Dec. 2016), 15–16.
Many data-driven applications require mechanisms for processing interconnected or graph-based data sets. Several platforms exist for offline processing of such data and fewer solutions address online computations on dynamic graphs. We combined a modified actor model, an event-sourced persistence layer, and a vertex-based, asynchronous programming model in order to unify event-driven and graph-based computations. Our distributed chronograph platform supports both near-realtime and batch computations on dynamic, event-driven graph topologies, and enables full history tracking of the evolving graphs over time.
Lukaseder, T., Bradatsch, L., Erb, B. and Kargl, F. 2016. Setting Up a High-Speed TCP Benchmarking Environment - Lessons Learned. 41st Conference on Local Computer Networks (Nov. 2016), 160–163. (acceptance rate: 33%)
There are many high-speed TCP variants with different congestion control algorithms, which are designed for specific settings or use cases. Distinct features of these algorithms are meant to optimize different aspects of network performance, and the choice of TCP variant strongly influences application performance. However, setting up tests to help with the decision of which variant to use can be problematic, as many systems are not designed to deal with high bandwidths, such as 10 Gbps or more. This paper provides an overview of pitfalls and challenges of realistic network analysis to help in the decision making process.
Kraft, R., Erb, B., Mödinger, D. and Kargl, F. 2016. Using Conflict-free Replicated Data Types for Serverless Mobile Social Applications. Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile Computing and Online Social neTworking (Paderborn, Germany, 2016), 49–54.
A basic reason for backend systems in mobile application architectures is the centralized management of state. Mobile clients synchronize local states with the backend in order to maintain an up-to-date view of the application state. As not all mobile social applications require strong consistency guarantees, we survey an alternative approach using special data structures for mobile applications. These data structures only provide eventual consistency, but allow for conflict-free replication between peers. Our analysis collects the requirements of social mobile applications for being suitable for this approach. Based on exemplary mobile social applications, we also point out the benefits of serverless architecture or architectures with a thin backend layer.
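An added example, not code from the paper, of the kind of data structure the abstract surveys: an observed-remove set holding a contact list on two devices that sync directly with each other and with no backend. A remove cancels only the insertions the removing replica has seen, so a concurrent re-add on the other device survives, and the merge is commutative, associative and idempotent, which is what makes the serverless exchange safe to repeat in any order. Replica names and elements are constructed.

```python
class ORSet:
    """Observed-Remove Set. Every add receives a unique (replica, counter) tag; a remove cancels
    only the tags the removing replica has observed, so a concurrent re-add elsewhere survives."""

    def __init__(self, replica_id: str):
        self.replica_id = replica_id
        self.counter = 0
        self.adds = {}       # element -> set of add tags
        self.removes = {}    # element -> set of add tags known to be removed

    def add(self, element):
        self.counter += 1
        self.adds.setdefault(element, set()).add((self.replica_id, self.counter))

    def remove(self, element):
        observed = self.adds.get(element, set())
        if observed:
            self.removes.setdefault(element, set()).update(observed)

    def value(self):
        """An element is present while at least one of its add tags is not yet removed."""
        return {e for e, tags in self.adds.items() if tags - self.removes.get(e, set())}

    def merge(self, other):
        """Join of two replicas: union of both tag maps (commutative, associative, idempotent)."""
        for e, tags in other.adds.items():
            self.adds.setdefault(e, set()).update(tags)
        for e, tags in other.removes.items():
            self.removes.setdefault(e, set()).update(tags)
        return self


def sync(a: ORSet, b: ORSet):
    """Direct peer exchange with no backend: each side absorbs the other's state."""
    a.merge(b)
    b.merge(a)


def contact_list_scenario():
    """Two devices of one user edit a contact list. The tablet removes bob while the phone,
    offline, re-adds him; after syncing both hold the same set and bob is present (add wins)."""
    phone, tablet = ORSet("phone"), ORSet("tablet")
    phone.add("bob")
    phone.add("carol")
    sync(phone, tablet)
    tablet.remove("bob")
    phone.add("bob")
    sync(phone, tablet)
    return phone.value(), tablet.value()


if __name__ == "__main__":
    print(contact_list_scenario())      # ({'bob', 'carol'}, {'bob', 'carol'})
```

Because state only grows (tags are never deleted, only marked removed), a lost or duplicated sync message cannot corrupt either replica; the cost is that tombstones accumulate, which is the usual trade-off against the strong consistency a central backend would provide.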
Bösch, C., Erb, B., Kargl, F., Kopp, H. and Pfattheicher, S. 2016. Tales from the dark side: Privacy dark strategies and privacy dark patterns. Proceedings on Privacy Enhancing Technologies. 2016, 4 (2016), 237–254. (acceptance rate: 23.8% for volume 2016)
Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the "dark side", namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.
Meißner, E., Erb, B., van der Heijden, R., Lange, K. and Kargl, F. 2016. Mobile triage management in disaster area networks using decentralized replication. Proceedings of the Eleventh ACM Workshop on Challenged Networks (2016), 7–12. (acceptance rate: 52%)
In large-scale disaster scenarios, efficient triage management is a major challenge for emergency services. Rescue forces traditionally respond to such incidents with a paper-based triage system, but technical solutions can potentially achieve improved usability and data availability. We develop a triage management system based on commodity hardware and software components to verify this claim. We use a single-hop, ad-hoc network architecture with multi-master replication, a tablet-based device setup, and a mobile application for emergency services. We study our system in cooperation with regional emergency services and report on experiences from a field exercise. We show that state-of-the-art commodity technology provides the means necessary to implement a triage management system compatible with existing emergency service procedures, while introducing additional benefits. This work highlights that powerful real-world ad-hoc networking applications do not require unreasonable development effort, as existing tools from distributed systems, such as replicating NoSQL databases, can be used successfully.
Kopp, H., Bösch, C. and Kargl, F. 2016. KopperCoin – A Distributed File Storage with Financial Incentives. Information Security Practice and Experience (Cham, 2016), 79–93.
One of the current problems of peer-to-peer-based file storage systems like Freenet is missing participation, especially of storage providers. Users are expected to contribute storage resources but may have little incentive to do so. In this paper we propose KopperCoin, a token system inspired by Bitcoin's blockchain which can be integrated into a peer-to-peer file storage system. In contrast to Bitcoin, KopperCoin does not rely on a proof of work (PoW) but instead on a proof of retrievability (PoR). Thus it is not computationally expensive and instead requires participants to contribute file storage to maintain the network. Participants can earn digital tokens by providing storage to other users, and by allowing other participants in the network to download files. These tokens serve as a payment mechanism. Thus we provide direct reward to participants contributing storage resources.
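The proof-of-retrievability building block that KopperCoin substitutes for proof of work (and that a storage contract in the PriCloud design above would have to audit), as an added example that is not the KopperCoin code: the owner MACs every block under a key only it holds, outsources blocks and tags, later challenges random block indices, and checks the returned blocks against their tags. A provider that discarded a fraction f of the blocks is caught by a round of c challenges with probability about 1-(1-f)^c. The block size, key handling and sample data are assumptions; the token accounting built on top is out of scope here.

```python
import hashlib
import hmac
import os
import random

BLOCK_SIZE = 64          # assumption for the example


def split_blocks(data: bytes, size: int = BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_tag(key: bytes, index: int, block: bytes) -> bytes:
    """MAC over (index, block): the provider can neither fabricate a block nor answer with another one."""
    return hmac.new(key, index.to_bytes(4, "big") + block, hashlib.sha256).digest()


class Owner:
    """Data owner and verifier. After outsourcing it needs only the key and the block count."""

    def __init__(self, data: bytes):
        self.key = os.urandom(32)
        blocks = split_blocks(data)
        self.n = len(blocks)
        self._payload = [(b, block_tag(self.key, i, b)) for i, b in enumerate(blocks)]

    def outsource(self):
        return list(self._payload)        # handed to the provider; the owner may now delete the file

    def challenge(self, count: int, rng=random):
        return rng.sample(range(self.n), count)

    def verify(self, challenge, response) -> bool:
        if response is None or len(response) != len(challenge):
            return False
        return all(hmac.compare_digest(block_tag(self.key, i, b), t)
                   for i, (b, t) in zip(challenge, response))


class Provider:
    def __init__(self, payload):
        self.stored = dict(enumerate(payload))

    def drop(self, indices):
        """Cheating provider: quietly frees space for some blocks."""
        for i in indices:
            self.stored.pop(i, None)

    def respond(self, challenge):
        try:
            return [self.stored[i] for i in challenge]
        except KeyError:
            return None                   # block is gone; a guessed one would fail the MAC anyway


def detection_probability(dropped_fraction: float, challenge_size: int) -> float:
    """Chance that a round of c random challenges hits at least one missing block
    (sampling with replacement, a close approximation for large files)."""
    return 1 - (1 - dropped_fraction) ** challenge_size


if __name__ == "__main__":
    data = bytes(range(256)) * 16                      # constructed 4 KiB file -> 64 blocks
    owner = Owner(data)
    payload = owner.outsource()
    honest, cheater = Provider(payload), Provider(payload)
    cheater.drop(range(10, 20))                         # 10 of 64 blocks discarded
    ch = owner.challenge(8)
    print("honest passes:", owner.verify(ch, honest.respond(ch)))
    print("cheater caught on [12, 3]:", not owner.verify([12, 3], cheater.respond([12, 3])))
    print("detection per round:", round(detection_probability(10 / 64, 8), 3))
```

Binding the index into the MAC matters: without it a provider holding only a few distinct blocks could answer every challenge with one of them. Repeated rounds drive the miss probability down geometrically, which is what lets a token scheme reward storage that is actually still there rather than storage that was merely promised.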
Lukaseder, T., Bradatsch, L., Erb, B., Van Der Heijden, R.W. and Kargl, F. 2016. A comparison of TCP congestion control algorithms in 10G networks. 41st Conference on Local Computer Networks (2016), 706–714. (acceptance rate: 28%)
The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present, CUBIC is suggested otherwise.

2015

Erb, B. and Kargl, F. 2015. A Conceptual Model for Event-sourced Graph Computing. Proceedings of the 9th ACM International Conference on Distributed Event-Based Systems (Oslo, Norway, 2015), 352–355.
Systems for highly interconnected application domains are increasingly taking advantage of graph-based computing platforms. Existing platforms employ a batch-oriented computing model and neglect near-realtime processing or temporal analysis. We suggest an extended conceptual model for event-driven computing on graphs. It takes into account the evolution of a graph and enables temporal analyses, processing on previous graph states, and retroactive modifications.

2014

Engelmann, F., Lukaseder, T., Erb, B., van der Heijden, R. and Kargl, F. 2014. Dynamic packet-filtering in high-speed networks using NetFPGAs. Third International Conference on Future Generation Communication Technologies (FGCT 2014) (Aug. 2014), 55–59.
Computational power for content filtering in high-speed networks is reaching a limit, yet many applications such as intrusion detection systems rely on such processing. Signature-based methods in particular need extraction of header fields. Hence we created a parallel protocol-stack parser module on the NetFPGA 10G architecture with a framework for simple adaptation to custom protocols. Our measurements show that the appliance operates at 9.5 Gb/s with a delay on the order of any active hop. The work provides a foundation for application-specific projects in the NetFPGA context.
Erb, B., Kargl, F. and Domaschka, J. 2014. Concurrent Programming in Web Applications. it - Information Technology. 56, 3 (2014), 119–126.
Modern web applications are concurrently used by many users and provide increasingly interactive features. Multi-core processors, highly distributed backend architectures, and new web technologies force a reconsideration of approaches to concurrent programming in order to fulfil scalability demands and to implement modern web application features. We provide a survey of different concepts and techniques of concurrency inside web architectures and guide architects and developers through viable concurrency alternatives.
Erb, B. and Kargl, F. 2014. Combining Discrete Event Simulations and Event Sourcing. Proceedings of the 7th International ICST Conference on Simulation Tools and Techniques (Lisbon, Portugal, 2014), 51–55.
Discrete event simulations (DES) represent the status quo for many different types of simulations. There are still open challenges, such as designing distributed simulation architectures, providing development and debugging support, or analyzing and evaluating simulation runs. In the area of scalable, distributed application architectures there exists an architectural style called event sourcing, which shares the same inherent idea as DES. We believe that both approaches can benefit from each other and provide a comparison of the two. Next, we point out how event sourcing concepts can address DES issues. Finally, we suggest a hybrid architecture that allows simulations and real applications to be executed alongside each other, enabling seamless transitions between both.

Teaching

Lectures

Please see our central teaching page for details on the courses I teach each semester.
