About
Publications: 358
Reads: 73,509
Citations: 6,855
Publications (358)
Dynamic and flexible business relationships are expected to become more important in the future to accommodate specialized change requests or small-batch production. Today, buyers and sellers must disclose sensitive information on products upfront before the actual manufacturing. However, without a trust relation, this situation is precarious for t...
The identification of mediators for physiologic processes, correlation of molecular processes, or even pathophysiological processes within a single organ such as the kidney or heart has been extensively studied to answer specific research questions using organ-centered approaches in the past 50 years. However, it has become evident that these appro...
The main objectives in production technology are quality assurance, cost reduction, and guaranteed process safety and stability. Digital shadows enable a more comprehensive understanding and monitoring of processes on shop floor level. Thus, process information becomes available between decision levels, and the aforementioned criteria regarding qua...
The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data...
The increasing product variability and lack of skilled workers demand for autonomous, flexible production. Since assembly is considered a main cost driver and accounts for a major part of production time, research focuses on new technologies in assembly. The paradigm of Line-less Mobile Assembly Systems (LMAS) provides a solution for the future of...
Industrial intrusion detection promises to protect networked industrial control systems by monitoring them and raising an alarm in case of suspicious behavior. Many monolithic intrusion detection systems are proposed in literature. These detectors are often specialized and, thus, work particularly well on certain types of attacks or monitor differe...
Anonymous communication on the Internet is about hiding the relationship between communicating parties. At NDSS '16, we presented a new website fingerprinting approach, CUMUL, that utilizes novel features and a simple yet powerful algorithm to attack anonymization networks such as Tor. Based on pattern observation of data flows, this attack aims at...
Cyberattacks against industrial control systems pose a serious risk to the safety of humans and the environment. Industrial intrusion detection systems oppose this threat by continuously monitoring industrial processes and alerting any deviations from learned normal behavior. To this end, various streams of research rely on advanced and complex app...
The ongoing trend to move industrial appliances from previously isolated networks to the Internet requires fundamental changes in security to uphold secure and safe operation. Consequently, to ensure end-to-end secure communication and authentication, (i) traditional industrial protocols, e.g., Modbus, are retrofitted with TLS support, and (ii) mod...
Blockchain technology promises to overcome trust and privacy concerns inherent to centralized information sharing. However, current decentralized supply chain management systems do either not meet privacy and scalability requirements or require a trustworthy consortium, which is challenging for increasingly dynamic supply chains with constantly cha...
Resource-constrained devices increasingly rely on wireless communication for the reliable and low-latency transmission of short messages. However, especially the implementation of adequate integrity protection of time-critical messages places a significant burden on these devices. We address this issue by proposing BP-MAC, a fast and memory-efficie...
Anomaly-based intrusion detection promises to detect novel or unknown attacks on industrial control systems by modeling expected system behavior and raising corresponding alarms for any deviations. As manually creating these behavioral models is tedious and error-prone, research focuses on machine learning to train them automatically, achieving dete...
Blockchains gained tremendous attention for their capability to provide immutable and decentralized event ledgers that can facilitate interactions between mutually distrusting parties. However, precisely this immutability and the openness of permissionless blockchains raised concerns about the consequences of illicit content being irreversibly stor...
The automatic identification system (AIS) was introduced in the maritime domain to increase the safety of sea traffic. AIS messages are transmitted as broadcasts to nearby ships and contain, among others, information about the identification, position, speed, and course of the sending vessels. AIS can thus serve as a tool to avoid collisions and in...
Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge bas...
QUIC offers security and privacy for modern web traffic by closely integrating encryption into its transport functionality. In this process, it hides transport layer information often used for network monitoring, thus obsoleting traditional measurement concepts. To still enable passive RTT estimations, QUIC introduces a dedicated measurement bit -...
Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work,...
Given the tremendous success of the Internet of Things in interconnecting consumer devices, we observe a natural trend to likewise interconnect devices in industrial settings, referred to as Industrial Internet of Things or Industry 4.0. While this coupling of industrial components provides many benefits, it also introduces serious security challen...
HTTP/2 and HTTP/3 avoid concurrent connections but instead multiplex requests over a single connection. Besides enabling new features, this reduces overhead and enables fair bandwidth sharing. Redundant connections should hence be a story of the past with HTTP/2. However, they still exist, potentially hindering innovation and performance. Thus, we...
The Internet of Things provides manufacturing with rich data for increased automation. Beyond company-internal data exploitation, the sharing of product and manufacturing process data along and across supply chains enables more efficient production flows and product lifecycle management. Even more, data-based automation facilitates short-lived ad h...
In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborati...
The General Data Protection Regulation (GDPR) is in effect since May of 2018. As one of the most comprehensive pieces of legislation concerning privacy, it sparked a lot of discussion on the effect it would have on users and providers of online services in particular, due to the large amount of personal data processed in this context. Almost three...
Congestion control is essential for the stability of the Internet and the corresponding algorithms are commonly evaluated for interoperability based on flow-rate fairness. In contrast, video conferencing software such as Zoom uses custom congestion control algorithms whose fairness behavior is mostly unknown. Aggravatingly, video conferencing has r...
Network operators utilize traffic monitoring to locate and fix faults or performance bottlenecks. This often relies on intrinsic protocol semantics, e.g., sequence numbers, that many protocols share implicitly through their packet headers. The arrival of (almost) fully encrypted transport protocols, such as QUIC, significantly complicates this moni...
As decision-making is increasingly data-driven, trustworthiness and reliability of the underlying data, e.g., maintained in knowledge graphs or on the Web, are essential requirements for their usability in the industry. However, neither traditional solutions, such as paper-based data curation processes, nor state-of-the-art approaches, such as dist...
Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers’ markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By...
Bufferbloat and congestion in the Internet call for the application of AQM wherever possible: on backbone routers, on data center switches, and on home gateways. While it is easy to deploy on software switches, implementing and deploying RFC-standardized AQM algorithms on programmable, pipeline-based ASICs is challenging as architectural constraint...
The benefits of information sharing along supply chains are well known for improving productivity and reducing costs. However, with the shift toward more dynamic and flexible supply chains, privacy concerns severely challenge the required information retrieval. A lack of trust between the different involved stakeholders inhibits advanced, multi-hop...
The ongoing digitization of industrial manufacturing leads to a decisive change in industrial communication paradigms. Moving from traditional one-to-one to many-to-many communication, publish/subscribe systems promise a more dynamic and efficient exchange of data. However, the resulting significantly more complex communication relationships render...
Benchmarking the performance of companies is essential to identify improvement potentials in various industries. Due to a competitive environment, this process imposes strong privacy needs, as leaked business secrets can have devastating effects on participating companies. Consequently, related work proposes to protect sensitive input data of compa...
Nowadays, collaborations between industrial companies always go hand in hand with trust issues, i.e., exchanging valuable production data entails the risk of improper use of potentially sensitive information. Therefore, companies hesitate to offer their production data, e.g., process parameters that would allow other companies to establish new prod...
The tremendous success of the IoT is overshadowed by severe security risks introduced by IoT devices and smartphone apps to control them. Therefore, academia and industry increasingly acknowledge the use of in-network security approaches, such as IETF Manufacturer Usage Description (MUD), to restrict undesired communication. However, actual commu...
Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study w...
We describe a technique for systematic testing of multi-threaded programs. We combine Quasi-Optimal Partial-Order Reduction, a state-of-the-art technique that tackles path explosion due to interleaving non-determinism, with symbolic execution to handle data non-determinism. Our technique iteratively and exhaustively finds all executions of the prog...
In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today’s cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increas...
In this study, a robot welding application for the control of the weld seam geometry by means of in situ image acquisition and robot trajectory correction has been investigated. For this approach, the arc centroid position of the process images was correlated with the weld seam flank ratio of the examined fillet weld seam application. The correctio...
Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter...
Distributed anonymity services, such as onion routing networks or cryptocurrency tumblers, promise privacy protection without trusted third parties. While the security of these services is often well-researched, security implications of their required bootstrapping processes are usually neglected: Users either jointly conduct the anonymization them...
A connected, digitalized welding production unlocks vast and dynamic potentials: from improving state-of-the-art welding to new business models in production. For this reason, offering frameworks, which are capable of addressing multiple layers of applications on the one hand and providing means of data security and privacy for ubiquitous dataflows...
In the production industry, the volume, variety, and velocity of data as well as the number of deployed protocols increase exponentially due to the influences of the Internet-of-Things (IoT) advances. While hundreds of isolated solutions exist to utilize these data, e.g., optimizing processes or monitoring machine conditions, the lack of a unified...
Traditionally, the university landscape is highly federated, which hinders potentials for coordinated collaborations. While the lack of a strict hierarchy on the inter-university level is critical for ensuring free research and higher education, this concurrency limits the access to high-quality education materials. Especially regarding resources s...
Sharing data between companies throughout the supply chain is expected to be beneficial for product quality as well as for the economical savings in the manufacturing industry. To utilize the available data in the vision of an Internet of Production (IoP) a precise condition monitoring of manufacturing and production processes that facilitates the...
By offering the possibility to already perform processing as packets traverse the network, programmable data planes open up new perspectives for applications suffering from strict latency and high bandwidth requirements. Real-time Computer Vision (CV), with its high data rates and often mission- and safety-critical roles in the control of autonomou...
Recent research shows many benefits for cloud workloads and network operations when putting software functionality onto switches. Sharing the physical resources of a programmable switch between multiple tenants and workloads enables the widespread deployment of on-switch software functionality. Currently, changing the program on a programmable swit...
Web 2.0, social media, cloud computing, and IoT easily connect people around the globe, overcoming time and space barriers, and offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for protecting users' privacy. From the user perspective, data disclosure depends, in part, on the...
Sheet-metal blanking is a class of metal fabricating processes that separate a metal workpiece from a primary metal sheet through a shearing process. Industry experts observe fluctuations in tool life and product quality, which is associated with fluctuations in microstructural parameters between and along material coils. With a methodology, that p...
The Internet of Production (IoP) envisions the interconnection of previously isolated CPS in the area of manufacturing across institutional boundaries to realize benefits such as increased profit margins and product quality as well as reduced product development costs and time to market. This interconnection of CPS will lead to a plethora of new da...
Website fingerprinting (WFP) is a special type of traffic analysis, which aims to infer the websites visited by a user. Recent studies have shown that WFP targeting Tor users is notably more effective than previously expected. Concurrently, state-of-the-art defenses have been proven to be less effective. In response, we present a novel WFP defense...
QUIC, as the foundation for HTTP/3, is becoming an Internet reality. A plethora of studies already show that QUIC excels beyond TCP+TLS+HTTP/2. Yet, these studies compare a highly optimized QUIC Web stack against an unoptimized TCP-based stack. In this paper, we bring TCP up to speed to perform an eye-level comparison. Instead of relying on technic...
With the move of Software-defined networking from fixed to programmable data planes, network functions are written with P4 or eBPF for targets such as programmable switches, CPU based flow processors [5] and commodity CPUs [7]. These data plane programs are, however, limited in per-packet time budget [3] (e.g., 67.2 ns at 10GbE) and program size, m...
Transport protocols use congestion control to avoid overloading a network. Nowadays, different congestion control variants exist that influence performance. Studying their use is thus relevant, but it is hard to identify which variant is used. While passive identification approaches exist, these require detailed domain knowledge and often also rely...
Existing performance comparisons of QUIC and TCP compared an optimized QUIC to an unoptimized TCP stack. By neglecting available TCP improvements inherently included in QUIC, comparisons do not shed light on the performance of current web stacks. In this paper, we can show that tuning TCP parameters is not negligible and directly yields significant...