Refine
Year of publication
Document Type
- Conference Proceeding (133)
- Article (unreviewed) (19)
- Article (reviewed) (14)
- Part of a Book (11)
- Patent (3)
- Report (3)
Conference Type
- Konferenzartikel (131)
- Konferenz-Abstract (1)
- Sonstiges (1)
Has Fulltext
- no (183) (remove)
Is part of the Bibliography
- yes (183)
Keywords
- Kommunikation (11)
- Eingebettetes System (8)
- Intelligentes Stromnetz (4)
- Security (4)
- Sicherheit (4)
- Energieversorgung (3)
- Messung (3)
- Sensortechnik (3)
- Applikation (2)
- Bearings (2)
Institute
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (113)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (110)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (69)
- Fakultät Maschinenbau und Verfahrenstechnik (M+V) (3)
- Fakultät Medien (M) (ab 22.04.2021) (1)
Open Access
- Closed Access (93)
- Closed (38)
- Open Access (32)
- Bronze (6)
- Diamond (2)
- Gold (1)
In recent times, 5G has found applications in several public as well as private networks. There is a growing need to make it compatible with diverse services without compromising security. Current security options for authenticating devices into a home network are 5G Authentication and Key Agreement (5G-AKA) and Extensible Authentication Protocol (EAP)-AKA'. However, for specific use cases such as private networks, more customizable and convenient authentication mechanisms are required. The current mobile networks use authentication based only on SIM cards, but as 5G is being applied in fields like IIoT and automation, even in Non-Public-Networks (NPNs), there is a need for a simpler method of authentication. Certificate-based authentication is one such mechanism that is passwordless and works solely on the information present in the digital certificate that the user holds. The paper suggests an authentication mechanism that performs certificate-based mutual authentication between the UE and the Home network. The proposed concept identifies both the user and network with digital certificates and intends to carry out primary authentication with the help of it. In this work we conduct a study on presently available authentication protocols for 5G networks, both theoretically and experimentally in hardware as well as virtual environments. On the basis of the analysis a series of proposed steps for certificate primary authentication are presented.
The Transport Layer Security protocol is a widespread cryptographic protocol designed to provide secure communication over insecure networks by providing authenticity, integrity, and confidentiality. As a first step, in the TLS Handshake Protocol a common master secret is negotiated. In many configurations, this step makes considerable use of asymmetric cryptographic algorithms. It seems to be a prevalent assumption that the use of such asymmetric cryptographic algorithms is unsuitable for resource-constrained devices. Therefore, the work at hand analyzes the runtime performance of the TLS vl.2 session establishments on an embedded ARM Cortex-M4 platform. We measure the execution time to generate and parse session establishment messages for the client and server sides. In particular, we study the impact of different elliptic curves used for the ephemeral Diffie-Hellman key exchange and the impact of different lengths and subject public key algorithms of certification paths. Our analysis shows that the use of asymmetric cryptographic algorithms is well possible on resource-constrained devices, if carefully chosen and well implemented. This allows the use of the well-proven TLS protocol also for applications from the (Industrial) Internet of Things, including Fieldbus communication.
Physical unclonable functions (PUFs) are increasingly generating attention in the field of hardware-based security for the Internet of Things (IoT). A PUF, as its name implies, is a physical element with a special and unique inherent characteristic and can act as the security anchor for authentication and cryptographic applications. Keeping in mind that the PUF outputs are prone to change in the presence of noise and environmental variations, it is critical to derive reliable keys from the PUF and to use the maximum entropy at the same time. In this work, the PUF output positioning (POP) method is proposed, which is a novel method for grouping the PUF outputs in order to maximize the extracted entropy. To achieve this, an offset data is introduced as helper data, which is used to relax the constraints considered for the grouping of PUF outputs, and deriving more entropy, while reducing the secret key error bits. To implement the method, the key enrollment and key generation algorithms are presented. Based on a theoretical analysis of the achieved entropy, it is proven that POP can maximize the achieved entropy, while respecting the constraints induced to guarantee the reliability of the secret key. Moreover, a detailed security analysis is presented, which shows the resilience of the method against cyber-security attacks. The findings of this work are evaluated by applying the method on a hybrid printed PUF, where it can be practically shown that the proposed method outperforms other existing group-based PUF key generation methods.
The often-occurring short-term orders of manufactured products require a high machine availability. This requirement increases the importance of predictive maintenance solutions for bearings used in machines. There are, among others, hybrid solutions that rely on a physical model. For their usage, knowing the different degradation stages of bearings is essential. This research analyzes the underlying failure mechanisms of these stages theoretically and in a practical example of the well-known FEMTO dataset used for the IEEE PHM 2012 Data Challenge to provide this knowledge. In addition, it shows for which use cases the usage of low-frequency accelerometers is sufficient. The analysis provides that the degradation stages toward the end of the bearing life can also be detected with low-frequency accelerometers. Further, the importance of high-frequency accelerometers to detect bearing faults in early degradation stages is pointed out. These aspects have not been paid attention to by industry and research until now, despite providing a considerable cost-saving potential.
As cyber-attacks and functional safety requirements increase in Operational Technology (OT), implementing security measures becomes crucial. The IEC/IEEE 60802 draft standard addresses the security convergence in Time-Sensitive Networks (TSN) for industrial automation.We present the standard’s security architecture and its goals to establish end-to-end security with resource access authorization in OT systems. We compare the standard to our abstract technology-independent model for the management of cryptographic credentials during the lifecycles of OT systems. Additionally, we implemented the processes, mechanisms, and protocols needed for IEC/IEEE 60802 and extended the architecture with public key infrastructure (PKI) functionalities to support complete security management processes.
Training deep neural networks using backpropagation is very memory and computationally intensive. This makes it difficult to run on-device learning or fine-tune neural networks on tiny, embedded devices such as low-power micro-controller units (MCUs). Sparse backpropagation algorithms try to reduce the computational load of on-device learning by training only a subset of the weights and biases. Existing approaches use a static number of weights to train. A poor choice of this so-called backpropagation ratio limits either the computational gain or can lead to severe accuracy losses. In this paper we present TinyProp, the first sparse backpropagation method that dynamically adapts the back-propagation ratio during on-device training for each training step. TinyProp induces a small calculation overhead to sort the elements of the gradient, which does not significantly impact the computational gains. TinyProp works particularly well on fine-tuning trained networks on MCUs, which is a typical use case for embedded applications. For typical datasets from three datasets MNIST, DCASE2020 and CIFAR10, we are 5 times faster compared to non-sparse training with an accuracy loss of on average 1%. On average, TinyProp is 2.9 times faster than existing, static sparse backpropagation algorithms and the accuracy loss is reduced on average by 6 % compared to a typical static setting of the back-propagation ratio.
Security in IT systems, particularly in embedded devices like Cyber Physical Systems (CPSs), has become an important matter of concern as it is the prerequisite for ensuring privacy and safety. Among a multitude of existing security measures, the Transport Layer Security (TLS) protocol family offers mature and standardized means for establishing secure communication channels over insecure transport media. In the context of classical IT infrastructure, its security with regard to protocol and implementation attacks has been subject to extensive research. As TLS protocols find their way into embedded environments, we consider the security and robustness of implementations of these protocols specifically in the light of the peculiarities of embedded systems. We present an approach for systematically checking the security and robustness of such implementations using fuzzing techniques and differential testing. In spite of its origin in testing TLS implementations we expect our approach to likewise be applicable to implementations of other cryptographic protocols with moderate efforts.
Die immer weitreichenderen Anwendungen des Smart Metering und des Smart Grid stellen immer höhere Anforderungen an Kommunikationstechnologien, die die Zielkonflikte aus Echtzeitfähige, Stabilität, Kosten und Energieeffizienz möglichst anwendungsoptimiert und auf einem immer höheren Niveau lösen. Insbesondere im Bereich der so genannten Primärkommunikation zwischen einem Sensor- oder Aktorknoten und einem Datensammler mit Gatewayfunktionalität konnten in den vergangenen Jahren wesentliche Fortschritte erzielt werden. Zu nennen sind hierbei insbesondere die Aktivitäten der ZigBee Alliance rund um den offenen Spezifikationsprozess des ZigBee Smart Energy Profiles (SEP) und der OMS-Gruppe beim ZVEI, die auf dem Wireless M-Bus nach EN13757-4 aufbauen, der sich seinerseits lebhaft und zielgerichtet weiter entwickelt. Der Beitrag diskutiert die vorhandenen Einschränkungen und die verfügbaren Lösungsansätze. Er illustriert diese anhand einiger öffentlich geförderter Projekte, an denen das Team des Autors beteiligt ist.
This paper presents the elements and the results from the European research project inCASA (Integrated Network for Completely Assisted Senior Citizen’s Autonomy), which designed and implemented a seamless integration of heterogeneous systems and network protocols for regionally distributed telecare and telehealth applications. The integration includes a multitude of physical interface, the transcoding of data models using embedded middleware, and a backend system with open interfaces. The implementation was verified in field tests in five European countries.
Immer mehr Anwendungen der Heim- und der Gebäudeautomatisierung werden vernetzt, weil damit erweiterte Funktionen ermöglicht oder Kosten gespart werden können. Dabei führt eine Reihe von Aspekten zu einem erhöhten Risiko für diese vernetzten Systeme. Gegenwärtig arbeiten verschiedene Gruppen an Sicherheitslösungen für die vernetzte Heim- und Gebäudeautomatisierung. Der Beitrag gibt einen Überblick über diese Aktivitäten und zeigt die wesentlichen Entwicklungsrichtungen auf.
Efficient, secure and reliable communication is a major precondition for powerful applications in smart metering and smart grid. This especially holds true for the so called primary communication in the Local Metrological Network (LMN) between meter and data collector, as the LMN comes with the most stringent requirements with regard to cost, range, as well as bandwidth and energy efficiency. Until today, LMN field tests are operated all over the world. In these installations, however, energy autarkic systems play a marginal role. This contribution describes the results of the framework 7 (FP 7) WiMBex project (“Remote wireless water meter reading solution based on the EN 13757 standard, providing high autonomy, interoperability and range”). In this project an energy autarkic water meter was developed and tested, which follows the specification of the Wireless M-Bus protocol (EN 13757). The complete system development covers the PCB with the RF transceiver and the microcontroller, the energy converter and storage, and the software with the protocol. This contribution especially concentrates on the design, the development and the verification of the routing protocol. The routing protocol is based on the Q mode of EN13757-5 (Wireless M-Bus) and was extended by an additional energy state related parameter. This extension is orthogonal to the existing protocol and considers both the charge level and the charge characteristics (rate of occurrences, intensity). The software was implemented in NesC under the operating system TinyOS. The system was verified in an automated test bed and in field tests in UK and Ireland.
In the last decade, IPv6 over Low power Wireless Personal Area Networks, also known as 6LoWPAN, has well evolved as a primary contender for short range wireless communication and holds the promise of an Internet of Things, which is completely based on the Internet Protocol. In the meantime, various 6LoWPAN implementations are available, be it open source or commercial. One of these implementations, which was developed by the authors' team, was tested on an Automated Physical Testbed for Wireless Systems at the Laboratory Embedded Systems and Communication Electronics of Offenburg University of Applied Sciences, which allows the flexible setup and full control of arbitrary topologies. It also supports time-varying topologies and thus helps to measure performance of the RPL implementation. The results of the measurements show a very good stability and short-term and long-term performance also under dynamic conditions. In addition, it can be proven that the performance predictions from other papers are consistent with real-life implementations.
In dem Maße, in dem sich die industrielle Automatisierung verändert, verändern sich auch die Anforderungen an die Sicherheit. Neben der funktionalen Sicherheit rückt dabei immer mehr die Datensicherheit in den Mittelpunkt. Als „best practice“ bietet es sich an, bewährte Sicherungstechniken aus der IT auch in der industriellen Kommunikation einzusetzen.
Während neue Komponenten für „Short Range Wireless Networks“ längere Zeit eher moderate technische Fortschritte gebracht haben, sind in jüngerer Zeit einige außerordentlich interessante strategische Entwicklungslinien deutlich geworden, die in diesem Beitrag an Hand von konkreten Produktbeispielen vorgestellt werden.
On the possibility to use leaky feeders for positioning in chirp spread spectrum technologies
(2014)
Real Time Localization Systems using electromagnetic waves have significantly evolved during the last years. They also might be used in industrial and in mining environments. Here, topologies might include tunnels, where it might be difficult to ensure the field coverage. Leaky feeder cables are a common solution in case of normal radio communication. In this paper, we study the possibilities to use leaky feeders also for Time-of-Flight based real time localization in such linear topologies, like tunnels, but possibly also for 2D-localization. Theoretical analysis is verified with real-life measurements, which were performed using Chirp Spread Spectrum Technologies.
Automated RF Emulator for a Highly Scalable IEEE802.11p Communication and Localization Subsystem
(2014)
The IEEE802.11p standard describes a protocol for car-to-X and mainly for car-to-car-communication. In the research project Ko-TAG, which is part of the research initiative Ko-FAS, cooperative sensor technology is developed for the support of highly autonomous driving. The Ko-TAG subsystem improves the real-time characteristics of IEEE802.11p needed for precise time of flight real-time localization while still fitting into the regulatory schemes. A secondary radar principle based on communication signals enables localization of objects with simultaneous data transmission. The Ko-TAG subsystem mainly concentrates on the support of traffic safety applications in intra-urban scenarios. This paper details on the development of a fully automated RF emulator used to test the Ko-TAG subsystem.
The RF emulator includes the physical networking nodes, but models the RF environment using RF-waveguides. The RF emulator allows the controlling of path loss and connectivity between any of the nodes with the help of RF attenuators and programmable RF switches, while it is shielded against its surrounding RF environment in the lab. Therefore it is an inexpensive alternative to an RF absorber chamber, which often is not available or exceeds the project’s budget.
Details about the system definition can be found in earlier papers. Test results are shown in the last part of the paper.