Refine
Document Type
- Master's Thesis (4)
- Article (reviewed) (1)
Has Fulltext
- yes (5)
Keywords
- IT-Sicherheit (5) (remove)
Institute
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (5) (remove)
Open Access
- Closed (3)
- Closed Access (1)
- Open Access (1)
Extensible Authentication Protocol (EAP) bietet eine flexible Möglichkeit zur Authentifizierung von Endgeräten und kann in Kombination mit TLS für eine zertifikatsbasierte Authentifizierung verwendet werden. Motiviert wird diese Arbeit von einer potenziellen Erweiterung für PROFINET, die diese Protokolle einsetzen soll.
Dabei soll eine sicherer EAP-TLS-Protokollstacks für eingebettete Systeme in der Programmiersprache Rust entwickelt werden. Durch das Ownership-System von Rust können Speicherfehler eliminiert werden, ohne dabei auf die positiven Eigenschaften von nativen Sprachen zu verzichten. Es wird ein besonderes Augenmerk auf wie die Verwendung klassischer Rust-Bibliotheken im Umfeld von eingebetteten Systemen, den Einfluss des Speichermodells auf das Design, sowie die Integration von C-Bibliotheken für automatisierte Interoperabilitätstests gelegt.
In recent years, both the Internet of Things (IoT) and blockchain technologies have been highly influential and revolutionary. IoT enables companies to embrace Industry 4.0, the Fourth Industrial Revolution, which benefits from communication and connectivity to reduce cost and to increase productivity through sensor-based autonomy. These automated systems can be further refined with smart contracts that are executed within a blockchain, thereby increasing transparency through continuous and indisputable logging. Ideally, the level of security for these IoT devices shall be very high, as they are specifically designed for this autonomous and networked environment. This paper discusses a use case of a company with legacy devices that wants to benefit from the features and functionality of blockchain technology. In particular, the implications of retrofit solutions are analyzed. The use of the BISS:4.0 platform is proposed as the underlying infrastructure. BISS:4.0 is
intended to integrate the blockchain technologies into existing enterprise environments. Furthermore, a security analysis of IoT and blockchain present attacks and countermeasures are presented that are identified and applied to the mentioned use case.
As the Industry 4.0 is evolving, the previously separated Operational Technology (OT) and Information Technology (IT) is converging. Connecting devices in the industrial setting to the Internet exposes these systems to a broader spectrum of cyber-attacks. The reason is that since OT does not have much security measures as much as IT, it is more vulnerable from the attacker's perspective. Another factor contributing to the vulnerability of OT is that, when it comes to cybersecurity, industries have focused on protecting information technology and less prioritizing the control systems. The consequences of a security breach in an OT system can be more adverse as it can lead to physical damage, industrial accidents and physical harm to human beings. Hence, for the OT networks, certificate-based authentication is implemented. This involves stages of managing credentials in their communication endpoints. In the previous works of ivESK, a solution was developed for managing credentials. This involves a CANopen-based physical demonstrator where the certificate management processes were developed. The extended feature set involving certificate management will be based on the existing solution. The thesis aims to significantly improve such a solution by addressing two key areas that is enhancing functionality and optimizing real-time performance. Regarding the first goal, firstly, an analysis of the existing feature set shall be carried out, where the correct functionality shall be guaranteed. The limitations from the previously implemented system will be addressed and to make sure it can be applied to real world scenarios, it will be implemented and tested in the physical demonstrator. This will lay a concrete foundation that these certificate management processes can be used in the industries in large-scale networks. Implementation of features like revocation mechanism for certificates, automated renewal of the credentials and authorization attribute checks for the certificate management will be implemented. Regarding the second goal, the impact of credential management processes on the ongoing CANopen real-time traffic shall be a studied. Since in real life scenarios, mission-critical applications like Industrial control systems, medical devices, and transportation networks rely on real-time communication for reliable operation, delays or disruptions caused by credential management processes can have severe consequences. Optimizing these processes is crucial for maintaining system integrity and safety. The effect to minimize the disturbance of the credential management processes on the normal operation of the CANopen network shall be characterized. This shall comprise testing real-time parameters in the network such as CPU load, network load and average delay. Results obtained from each of these tests will be studied.
Eine reine Passwortauthentifizierung, wie sie im Hochschulumfeld eingesetzt wird, bringt Sicherheitsrisiken mit sich. Ziel dieser Arbeit ist es zu analysieren, wie die Sicherheit in der Praxis mittels einer Zwei-Faktor-Authentifizierung erhöht werden kann und in welcher Weise die Einführung eines Single-Sign-On Konzept zum Erreichen dieses Ziels beiträgt. Es konnte gezeigt werden, dass eine Shibboleth IdP Installation als zentraler Zugangspunkt für Single-Sign-On sowie eine daran angebundene privacyIDEA-Instanz die Umsetzung der Zwei-Faktor-Authentifizierung für einige aber nicht alle Dienste ermöglicht.
Annotated training data is essential for supervised learning methods. Human annotation is costly and laborsome especially if a dataset consists of hundreds of thousands of samples and annotators need to be hired. Crowdsourcing emerged as a solution that makes it easier to get access to large amounts of human annotators. Introducing paid external annotators however introduces malevolent annotations, both intentional and unintentional. Both forms of malevolent annotations have negative effects on further usage of the data and can be summarized as spam. This work explores different approaches to post-hoc detection of spamming users and which kinds of spam can be detected by them. A manual annotation checking process resulted in the creation of a small user spam dataset which is used in this thesis. Finally an outlook for future improvements of these approaches will be made.