RWTH Aachen University SPICe Im Süsterfeld 9 52072 Aachen, GERMANY
I am a researcher and Ph.D. student affiliated with the Department of Computer Science at RWTH Aachen University. My research interests involve the overhead evaluation and optimization of end-to-end security mechanisms. I am currently engaged in the PlusMoSmart Project.
Publications
2023
MobiQuitous
Securing Wireless Communication in Critical Infrastructure: Challenges and Opportunities
Jörn Bodenhausen, Christian Sorgatz, Thomas Vogt, Kolja Grafflage, Sebastian Rötzel, Michael Rademacher, and Martin Henze
In Proceedings of the 20th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous), Nov 2023
Critical infrastructure constitutes the foundation of every society. While traditionally solely relying on dedicated cable-based communication, this infrastructure rapidly transforms to highly digitized and interconnected systems which increasingly rely on wireless communication. Besides providing tremendous benefits, especially affording the easy, cheap, and flexible interconnection of a large number of assets spread over larger geographic areas, wireless communication in critical infrastructure also raises unique security challenges. Most importantly, the shift from dedicated private wired networks to heterogeneous wireless communication over public and shared networks requires significantly more involved security measures. In this paper, we identify the most relevant challenges resulting from the use of wireless communication in critical infrastructure and use those to identify a comprehensive set of promising opportunities to preserve the high security standards of critical infrastructure even when switching from wired to wireless communication.
2022
ASIA CCS
Missed Opportunities: Measuring the Untapped TLS Support in the Industrial Internet of Things
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) modern protocols, e.g., MQTT, are directly designed to use TLS. To understand whether these changes indeed lead to secure Industrial Internet of Things deployments, i.e., using TLS-based protocols, which are configured according to security best practices, we perform an Internet-wide security assessment of ten industrial protocols covering the complete IPv4 address space. Our results show that both, retrofitted existing protocols and newly developed secure alternatives, are barely noticeable in the wild. While we find that new protocols have a higher TLS adoption rate than traditional protocols (7.2 % vs. 0.4 %), the overall adoption of TLS is comparably low (6.5 % of hosts). Thus, most industrial deployments (934,736 hosts) are insecurely connected to the Internet. Furthermore, we identify that 42 % of hosts with TLS support (26,665 hosts) show security deficits, e.g., missing access control. Finally, we show that support in configuring systems securely, e.g., via configuration templates, is promising to strengthen security.