Christoph Meinel

Hasso Plattner Institute, Potsdam, Brandenburg, Germany

Are you Christoph Meinel?

Claim your profile

Publications (555)20.02 Total impact

  • [Show abstract] [Hide abstract]
    ABSTRACT: Invited paper. Preliminary version of this paper appears as ”Hierarchical Object Log Format for Normalisation of Security Events” in Proceedings of the 9th International Conference on Information Assurance and Security (IAS 2013). The differences in log file formats employed in a variety of services and applications remain to be a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilisation within existing systems for security management. In our paper, we reveal the reasons for this limitation and show disadvantages of existing common log formats for ormalisation of security events. To deal with it we have created a new log format that fits for intrusion detection purposes and can be extended easily. Based on our developing intrusion detection system, we demonstrate advantages of offered format. However, taking previous work into account, we would like to propose a new format as an extension to existing common log formats, rather than a standalone specification.
    Journal of Information Assurance and Security. 09/2014; 9(3):167-176.
  • Anja Perlich, Julia Von Thienen, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: The potential of mental health interventions supported by computers has rarely been explored to date, and the use of technology has hence been limited. There is a need for finding new ways of providing engaging psychotherapy services. We introduce the digital whiteboard system Tele-Board MED (TBM) as a new approach of promoting patient-therapist interaction and joint documentation. Based on observations of cognitive behavioral therapy (CBT) sessions and a text material review we identified possibly useful features. We conducted a qualitative and quantitative feedback study with 34 therapists in the form of a questionnaire based on a video showing the system's fundamental concept and features. This allowed us to evaluate the therapists' attitudes and the ability of a system like TBM to meet user needs. We encountered willingness to use the system primarily driven by practical interest in fulfilling administrative and legal requirements. Skepticism regarding patient file transparency and technology use was also found. The main insight is that reestablishing the nature of CBT sessions towards higher patient engagement can more successfully be pursued if technology provides incentives for therapists, such as features that speed up administrative tasks.
    Studies in health technology and informatics 01/2014; 205:433-437.
  • Andrey Sapegin, Feng Cheng, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Internet scalability depends on scalability of its core routing protocol - Border Gateway Protocol (BGP). However, dynamics of BGP still conceal many unanswered questions. Most of these questions are related to BGP update messages: root cause of update spikes, correlation between update spikes in the different parts of the Internet and influence of individual spikes on global routing. This article presents a methodology to locate routing events behind specific BGP update spikes. The method explores correlated updates seen on different vantage points [1]. Although previous work [2] uses similar approach to identify origin of update bursts, we revise the question considering one-second update spikes as a point of view. This concept allows not only to identify an area where the routing event has happened, but also to find, how an individual BGP update spike was formed, i.e. find a propagation path for a set of routing events behind the spike. Revealed propagation paths – if analysed for a significant amount of update messages – could tell us new facts about specific types of routing events and improve our understanding of BGP scalability. [1] A. Sapegin and S. Uhlig. On the extent of correlation in BGP updates in the Internet and what it tells us about locality of BGP routing events. Computer Communications, 2013. [2] A. Feldmann, O. Maennel, Z. M. Mao, A. Berger, and B. Maggs. Locating Internet routing instabilities. In Proceedings of ACM Conference of the Special Interest Group on Data Communication (SIGCOMM), pages 205–218, 2004.
    IEEE 9th International Conference on Mobile Ad-hoc and Sensor Networks (MSN 2013); 12/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Virtualization allows server consolidation to reduce energy consumption and agile resource provisioning. Consolidation with unaware of the memory-access demand can cause inefficient resource utilization and degrade system performance. In this paper, we propose efficient consolidation of VMs based on the memory-access demand of these VMs to improve overall system performance. Our approach is reactive and exploits the migration capability. We evaluate our algorithm using several simulation setups and different performance metrics. The results show that we can achieve balance in memory-bus utilization and improve of the system compared to CPU-based consolidation approach.
    Proceedings GCM'2013 in conjunction with 6th IEEE/ACM International Conference on Utility and Cloud Computing; 12/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we propose Peer VMs Aggregation (PVA) to enable dynamic discovery of communication patterns and reschedule VMs based on the determined communication patterns using VM migration. In the implementation, we consider that communication delays occur at the server (i.e., memory-bus) and at the data center network. To evaluate our approach, we modeled a network and a memory subsystem on CloudSim simulator. We then used NAS Parallel Benchmarks, which consists of six different applications as parallel applications. We thoroughly evaluated our proposed approach measuring several assessment metrics including VMs placement, performance degradation, and network utilization of each link. The results of the simulation show that our proposed approach significantly reduces the total amount of traffic in the network where it reduces the average of the network's utilization by 25%.
    Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing; 12/2013
  • Maxim Schnjakin, Tobias Metzke, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Public cloud storage services enable organizations to manage data with low operational expenses. However, the benefits come along with challenges and open issues such as security and reliability. In our work, we presented a system that improves availability, confidentiality and reliability of data stored in the cloud. To achieve this objective, we encrypt user's data and make use of erasure codes to stripe data across cloud storage providers. In this paper we focus on the need to identify an algorithm for encoding and reassembling the data from the clouds. Erasure codes have been introduces more than three decades ago. Due to new technology trends and powerful hardware, new codes as well as improvements on classic codes have been developed recently. Therefore, we provide an overview of the current state of erasure codes. Further, we introduce the relevant codes in detail and compare them on the basis of identified criteria that are relevant to their application in a cloud context. Furthermore, we take a look at the current open source libraries, that support the discussed algorithms. The comparative study will help us to identity the best algorithm for our Cloud-RAID system.
    Proceedings of the 2013 IEEE 16th International Conference on Computational Science and Engineering; 12/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: The differences in log file formats employed in a variety of services and applications remain to be a problem for security analysts and developers of intrusion detection systems. The proposed solution, i.e. the usage of common log formats, has a limited utilization within existing solutions for security management. In our paper, we reveal the reasons for this limitation. We show disadvantages of existing common log formats for normalisation of security events. To deal with it we have created a new log format that fits for intrusion detection purposes and can be extended easily. Taking previous work into account, we would like to propose a new format as an extension to existing common log formats, rather than a standalone specification.
    9th International Conference on Information Assurance and Security (IAS 2013, IEEE); 12/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: In IPv6 networks, two security mechanisms are available at the network-layer; SEcure Neighbor Discovery (SEND) and IP security (IPsec). Although both provide authentication, neither subsumes the other; both SEND and IPsec mechanisms should be deployed together to protect IPv6 networks. However, when a node uses both SEND and IPsec, the authentication has to be done twice, which increases the burden on the node and decreases its performance. In this paper, we propose an approach to enable them to work together under the mediation of an Authentication Management Block, where IPsec uses the public-private keys obtained by SEND rather than negotiating its own authentication credentials in order to save the time and facilitate the IPsec authentication deployment. We implement and evaluate our approach using ipsec-tools and DoCoMo SEND implementations. Our proof-of-concept experiment shows a considerable speedup of IPsec authentication time.
    Proceedings of the 6th International Conference on Security of Information and Networks; 11/2013
  • Hosnieh Rafiee, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Privacy is a very important element in every one's everyday life. Most users would not like to have their data exposed to other people on the Internet. The initial approach used for attacking a user's privacy and security is done by scanning the nodes on a network. This gives an attacker the ability to obtain the IP addresses in use by this node so that this information can then be used to initiate further attacks against this node, such as tracking them via their IP address across the networks, and then, later correlating the user's activities with his IP address. The first attempt by the Internet Engineering Task Force (IETF) to protect a user's privacy was defined in the Privacy Extension RFC [13]. Unfortunately this RFC has some deficiencies which makes its use vulnerable to privacy related attacks. To address this problem, and solve the deficiencies that exist with the use of this RFC, we introduce our new algorithm, which not only maintains a node's lifetime, but also provides a user with a method for randomized Interface ID (IID) generations.
    Proceedings of the 6th International Conference on Security of Information and Networks; 11/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Security has recently become a very important concern for entities using IPv6 networks. This is especially true with the recent news reports where governments and companies have admitted to credible cyber attacks against them in which confidential information and the security of data have been compromised. In this paper we will introduce a flexible framework that can be used for penetration testing of IPv6 networks. Due to the large address space in each of the IPv6 subnets, the traditional scanning approaches do not work. Here we introduce our new scanning algorithm which will find the IPv6 nodes on the Internet which are using Domain Name System (DNS) servers. Our implementation results showed that the use of the DNS Security Extension (DNSSEC) with NSEC3 [4], which is a new and promising approach for the prevention of zone walking, was not able to prevent us from gathering information about nodes on different networks.
    Proceedings of the 6th International Conference on Security of Information and Networks; 11/2013
  • Xiaoyin Che, Haojin Yang, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper we propose a solution which segments lecture video by analyzing its supplementary synchronized slides. The slides content derives automatically from OCR (Optical Character Recognition) process with an approximate accuracy of 90%. Then we partition the slides into different subtopics by examining their logical relevance. Since the slides are synchronized with the video stream, the subtopics of the slides indicate exactly the segments of the video. Our evaluation reveals that the average length of segments for each lecture is ranged from 5 to 15 minutes, and 45% segments achieved from test datasets are logically reasonable.
    Proceedings of the 21st ACM international conference on Multimedia; 10/2013
  • Konrad-Felix Krentz, Hosnieh Rafiee, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: 6LoWPAN is a protocol stack for seamlessly integrating 802.15.4-based wireless sensor networks with IPv6 networks. The security of 6LoWPAN widely depends on the 802.15.4 security sublayer. This sublayer also supports pairwise keys so as to mitigate node compromises. Currently, the establishment of pairwise keys is however unspecified. Moreover, broadcast keys are shared among multiple nodes, which is not compromise resilient. In this paper, we propose two energy-efficient and DoS-resilient 802.15.4 add-ons to fill these gaps: First, a pairwise key establishment scheme, which is adaptable to different 6LoWPAN networks and threat models. Second, an easy-to-implement and compromise-resilient protocol for authenticating broadcast frames. Together, our add-ons contain the effects of node compromises and provide a basis for detecting compromised nodes autonomously. We implemented both add-ons in Contiki and tested them on TelosB motes.
    Proceedings of the International Workshop on Adaptive Security; 09/2013
  • Tayo Arulogun, Ahmad AlSa'deh, Christoph Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Mobile Internet Protocol (MIP) enables a mobile node to be recognized via a single IP address while the node moves between different networks. MIP attains the connectivity to nodes everywhere without user intervention. One general improvement in Mobile IPv6 (MIPv6) compared to MIPv4 is the enhanced security. However, there are areas still susceptible to various kinds of attacks. Security approaches for the MIPv6 are still in progress and there are few unsolved concerns and problems. This chapter focuses on MIPv6 security considerations, potential threats, and possible defense mechanisms. The authors discuss and analyze in detail the MIPv6 mobility management and security approaches with respect to the efficiency and complexity and bring forward some constructive recommendations.
    09/2013: pages 31; , ISBN: ISBN13: 9781466645141
  • [Show abstract] [Hide abstract]
    ABSTRACT: Creative ways of working with whiteboards and sticky notes are growing in popularity even in global companies. However, digital tools for enabling these ways of working, especially for geographically distributed teams, have still not been adopted in these companies. We present Tele-Board, a web-based digital whiteboard and sticky note system and describe how it was used in a large company at three locations. From system log data and interviews recorded after three months of use, we found that idea generation and feedback collection can be facilitated if a system offers real-time synchronous editing as well as asynchronous input. Interestingly, the users who were not located at the company's headquarters regarded the tool as very beneficial and used it more than their colleagues at the headquarters. We provide a detailed analysis of the study and important points for fostering the adoption of creative tools in large companies.
    Proceedings of the 2013 conference on Computer supported cooperative work; 02/2013
  • Source
    W. Dawoud, I. Takouna, C. Meinel
  • C. Willems, J. Jasper, C. Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Massive Open Online Courses (MOOCs) have become the trending topic in e-learning. Many institutions started to offer courses, either on commercial platforms like Coursera and Udacity or using own platform software. While many courses share the concept of lecture videos combined with automatically assessable assignments, and discussion forums, only few courses provide hands-on experience. The design of practical exercises poses a great challenge to a teaching team and gets even more challenging if these assignments should be gradable. In the course Internetworking with TCP/IP on the German MOOC platform openHPI, the teaching team conducted an experiment with three practical tasks that were implemented as assessed bonus exercises. The exercise design was limited by the constraint that the platform software could not be adapted for these exercises and that there could be no central training environment to perform these assignments. This paper describes the experiment setup, the challenges and pitfalls and evaluates the result based on statistical data and a survey taken by the course participants.
    Teaching, Assessment and Learning for Engineering (TALE), 2013 IEEE International Conference on; 01/2013
  • P. Hennig, P. Berger, C. Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: Information about upcoming trends is a valuable knowledge for both, companies and individuals. Detecting trends for a certain topic is of special interest. According to the latest information over 200 million blogs exist in the World Wide Web. Hence, every day millions of posts are published. These blogs contain an enormous think tank of open-source intelligence. Considering the continuously growing nature of the World Wide Web a primary factor of success is the ability to include the latest data and focus on the complete data set of blogs. The structured as well as unstructured data of blogs are available offline via a single database for further analyses. This paper describes and evaluates an algorithm to detect trends based on the data published in blog posts.
    Web Intelligence (WI) and Intelligent Agent Technologies (IAT), 2013 IEEE/WIC/ACM International Joint Conferences on; 01/2013
  • L. Gericke, C. Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we present a concept for developing applications that allow users to work synchronously together while being able to use asynchronous features, such as work resumption from any point in time. Therefore, we formulate abstract requirements for a protocol realizing the introduced approach. Furthermore, an architecture for deployment is outlined. We show three different applications - all realizing the proposed method. An evaluation summarizes the drawbacks and advantages of the approach. The introduced concept should show up a practical solution especially to sufficiently store collaboration processes. By proving the combination of synchronous and asynchronous features into one application to fulfill basic user needs, it could be an efficient way for applications realizing two working modes, which mostly have been addressed separately in previous solutions.
    Collaboration Technologies and Systems (CTS), 2013 International Conference on; 01/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Current blog search engines use rankings, such as BIImpact or B2Rank, focusing on the link structure and thereat criteria externally extracted for blogs. A good, but due to the unavailability, not often used criteria is the visitor engagement. This metric can leverage the quality of a ranking extremely. For this reason, we propose to gather visitor information from log authors by providing a new blog plug in. This plug in on the one hand tracks the visitor information and on the other hand provides important analysis information for the blog author. Finally, this leads into a win-win situation for both, the blog search engine and the blogger. The benefit of this plug in is to provide analytics based on the blog where the plug in is installed as well as analytics based on the whole community of bloggers. With this information a blogger is able to gain significant knowledge advantage.
    Social Computing (SocialCom), 2013 International Conference on; 01/2013
  • H. Rafiee, C. Meinel
    [Show abstract] [Hide abstract]
    ABSTRACT: The Domain Name System (DNS) is an essential part of the Internet on whose function many other protocols rely. One key DNS function is Dynamic Update, which allows hosts on the network to make updates to DNS records dynamically, without the need for restarting the DNS service. Unfortunately, this dynamic process does expose DNS servers to security issues. To address these issues two protocols were introduced: Transaction Signature (TSIG) and Domain Name System Security Extensions (DNSSEC). In Internet Protocol version 4 (IPv4) networks using these protocols eliminated security issues. In Internet Protocol version 6 (IPv6) however, there is an issue with the DNS authentication process when using the Stateless Address Auto Configuration (SLAAC) mechanism (new to IPv6, nonexistent in IPv4). This authentication issue occurs when a node wants to update its resource records on a DNS server, during the DNS update process, or when a client wants to authenticate a DNS resolver to ensure that the DNS response does not contain a spoofed source address or message. In this paper we propose the use of a new mechanism which makes use of asymmetric cryptography to establish a trust relationship with the DNS server. We also consider the use of the current security parameters used to generate IPv6 addresses in a secure manner, i.e. Secure Neighbor Discovery (SeND), for assuring clients and DNS servers that the one they are communicating with is the real owner of this IP address. Since we are extending the RDATA field within the TSIG protocol to accommodate these new security parameters, we will call this new mechanism the CGA-TSIG algorithm.
    Network Computing and Applications (NCA), 2013 12th IEEE International Symposium on; 01/2013

Publication Stats

2k Citations
20.02 Total Impact Points


  • 2005–2014
    • Hasso Plattner Institute
      Potsdam, Brandenburg, Germany
  • 2005–2013
    • Universität Potsdam
      • Hasso-Plattner-Institut für Softwaresystemtechnik GmbH
      Potsdam, Brandenburg, Germany
  • 2010
    • University of Bayreuth
      Bayreuth, Bavaria, Germany
    • Freie Universität Berlin
      • Institute of Computer Science
      Berlin, Land Berlin, Germany
  • 2009
    • University of Luxembourg
      Letzeburg, Luxembourg, Luxembourg
  • 1994–2006
    • Universität Trier
      • Faculty IV
      Trier, Rheinland-Pfalz, Germany
  • 2004
    • Georg-August-Universität Göttingen
      • Institute for Numerical and Applied Mathematics
      Göttingen, Lower Saxony, Germany
  • 1988–1995
    • Humboldt-Universität zu Berlin
      Berlín, Berlin, Germany