Thomas C. Schmidt

Hochschule für Angewandte Wissenschaften Hamburg | HAW · Department of Computer Science

Dr. rer. nat.

About

443 Publications
72,629 Reads
3,824 Citations
Citations since 2016
143 Research Items
2644 Citations
Introduction
Thomas C. Schmidt currently works at the Department of Computer Science, Hochschule für Angewandte Wissenschaften Hamburg. Thomas does research in Computer Networks, Internet Technologies, and Internet Security. Their current projects are 'Internet of Things with RIOT', 'Information Centric Networking', and 'BGP Security'.
Additional affiliations
April 2004 - present
Hochschule für Angewandte Wissenschaften Hamburg
Position
  • Professor (Full)
December 1995 - March 2004
Hochschule für Technik und Wirtschaft Berlin
Position
  • Head of Computer Center


Publications (443)
Conference Paper
Full-text available
Web content delivery is one of the most important services on the Internet. Access to websites is typically secured via TLS. However, this security model does not account for prefix hijacking on the network layer, which may lead to traffic blackholing or transparent interception. Thus, to achieve comprehensive security and service availability, add...
Conference Paper
The Great Cannon DDoS attack has shown that HTML/JavaScript can be used to launch HTTP-based DoS attacks. In this paper, we identify options that could allow the implementation of the general idea of browser-based DDoS botnets and review ways how attackers can acquire bots (e.g., typosquatting and malicious ads). We then assess the DoS impact of br...
Conference Paper
Full-text available
This paper explores the feasibility, advantages, and challenges of an ICN-based approach in the Internet of Things. We report on the first NDN experiments in a life-size IoT deployment, spread over tens of rooms on several floors of a building. Based on the insights gained with these experiments, the paper analyses the shortcomings of CCN applied t...
Article
Full-text available
Information-centric networking proposals attract much attention in the ongoing search for a future communication paradigm of the Internet. Replacing the host-to-host connectivity by a data-oriented publish/subscribe service eases content distribution and authentication by concept, while eliminating threats from unwanted traffic at an end host as ar...
Article
Full-text available
Handovers in mobile packet networks commonly produce packet loss, delay and jitter, thereby significantly degrading network performance. Mobile IPv6 handover performance is strongly topology dependent and results in inferior service quality in wide area scenarios. To approach seamless mobility in IPv6 networks predictive, reactive and proxy schemes...
Preprint
In this paper, we revisit the performance of the QUIC connection setup and relate the design choices for fast and secure connections to common Web deployments. We analyze over 1M Web domains with 272k QUIC-enabled services and find two worrying results. First, current practices of creating, providing, and fetching Web certificates undermine reduced...
Preprint
The IPv6 over Bluetooth Low Energy (BLE) standard defines the transfer of IP data via BLE connections. This connection-oriented approach provides high reliability but increases packet delays and requires substantial overhead to manage BLE connections. To overcome these drawbacks we present the design and implementation of IPv6 over BLE advertisemen...
Preprint
Connecting long-range wireless networks to the Internet imposes challenges due to vastly longer round-trip-times (RTTs). In this paper, we present an ICN protocol framework that enables robust and efficient delay-tolerant communication to edge networks. Our approach provides ICN-idiomatic communication between networks with vastly different RTTs. W...
Preprint
In this paper, we study the potentials of passive measurements to gain advanced knowledge about QUIC deployments. By analyzing one month backscatter traffic of the /9 CAIDA network telescope, we are able to make the following observations. First, we can identify different off-net deployments of hypergiants, using packet features such as QUIC source...
Preprint
IoT devices differ widely in crypto-supporting hardware, ranging from no hardware support to powerful accelerators supporting numerous operations including protected key storage. An operating system should provide uniform access to these heterogeneous hardware features, which is a particular challenge in the resource constrained IoT. Effective s...
Article
Long range radio communication is preferred in many IoT deployments as it avoids the complexity of multi-hop wireless networks. LoRa is a popular, energy-efficient wireless modulation but its networking substrate LoRaWAN introduces severe limitations to its users. In this paper, we present and thoroughly analyze DSME-LoRa, a system design of LoRa w...
Preprint
In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP...
Preprint
Long range radio communication is preferred in many IoT deployments as it avoids the complexity of multi-hop wireless networks. LoRa is a popular, energy-efficient wireless modulation but its networking substrate LoRaWAN introduces severe limitations to its users. In this paper, we present and thoroughly analyze DSME-LoRa, a system design of LoRa w...
Preprint
The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable. In this paper, we measure the rush of scanners during the two mo...
Preprint
This paper presents LoRa-ICN, a comprehensive IoT networking system based on a common long-range communication layer (LoRa) combined with Information-Centric Networking (ICN) principles. We have replaced the LoRaWAN MAC layer with an IEEE 802.15.4 Deterministic and Synchronous Multi-Channel Extension (DSME). This multifaceted MAC layer allows for d...
Preprint
Constrained devices on the Internet of Things (IoT) continuously produce and consume data. LwM2M manages millions of these devices in a server-centric architecture, which challenges edge networks with expensive uplinks and time-sensitive use cases. In this paper, we contribute two LwM2M extensions to enable client-to-client (C2C) communication: (i)...
Preprint
Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this work, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables c...
Article
Full-text available
When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, a first-of-its-kind trial started: The complexity of a core Internet protocol was magnified in favor of better security for the overall Internet. Thereby, the scale of the loosely-federated delegation in DNS became an unprecedented cryptographic key management challenge....
Article
Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this paper, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables...
Preprint
Connected cars are vulnerable to cyber attacks. Security challenges arise from vehicular management uplinks, from signaling with roadside units or nearby cars, as well as from common Internet services. Major threats arrive from bogus traffic that enters the in-car backbone, which will comprise Ethernet technologies in the near future. Various se...
Preprint
LoRa is a popular wireless technology that enables low-throughput (bytes) long-range communication (km) at low energy consumption (mW). Its transmission, though, is on one side prone to interference during long on-air times, and on the other side subject to duty cycle restrictions. LoRaWAN defines a MAC and a vertical stack on top of LoRa. LoRaWAN...
Article
The Information centric networking paradigm has proven particularly useful for the constrained Internet of Things (IoT), in which nodes are challenged by end-to-end communication without network assistance. This work focuses on the interaction between possibly mobile sensors and actuators in such IoT regimes which deploy the Named-Data Networking (...
Article
Developing operating systems (OSs) for low-end embedded devices requires continuous adaptation to new hardware architectures and components, while serviceability of features needs to be assured for each individual platform under tight resource constraints. It is challenging to design a versatile and accurate heterogeneous test environment that i...
Preprint
Large-scale Internet scans are a common method to identify victims of a specific attack. Stateless scanning like in ZMap has been established as an efficient approach to probing at Internet scale. Stateless scans, however, need a second phase to perform the attack, which remains invisible to network telescopes that only capture the first incoming p...
Preprint
In this short paper, we revisit the open DNS (ODNS) infrastructure and, for the first time, systematically measure and analyze transparent forwarders, DNS components that transparently relay between stub resolvers and recursive resolvers. Our key findings include four takeaways. First, transparent forwarders contribute 26% (563k) to the current ODN...
Preprint
Real-time networks based on Ethernet require robust quality-of-service for time-critical traffic. The Time-Sensitive Networking (TSN) collection of standards enables this in real-time environments like vehicle on-board networks. Runtime reconfigurations in TSN must respect the deadlines of real-time traffic. Software-Defined Networking (SDN) moves...
Preprint
When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, it started a first-of-its-kind trial: increasing complexity of a core Internet protocol in favor of better security for the overall Internet. The necessary cryptographic key management is made particularly challenging by DNS' loosely-federated delegation substrate and un...
Preprint
In this paper, we shed new light on the DNS amplification ecosystem, by studying complementary data sources, bolstered by orthogonal methodologies. First, we introduce a passive attack detection method for the Internet core, i.e., at Internet eXchange Points (IXPs). Surprisingly, IXPs and honeypots observe mostly disjoint sets of attacks: 96% of IX...
Preprint
In this paper, we present first measurements of Internet background radiation originating from the emerging transport protocol QUIC. Our analysis is based on the UCSD network telescope, correlated with active measurements. We find that research projects dominate the QUIC scanning ecosystem but also discover traffic from non-benign sources. We argue...
Preprint
Security in the Internet of Things (IoT) requires ways to regularly update firmware in the field. These demands ever increase with new, agile concepts such as security as code and should be considered a regular operation. Hosting massive firmware roll-outs presents a crucial challenge for the constrained wireless environment. In this paper, we explo...
Article
Content objects are confined data elements that carry meaningful information. Massive amounts of content objects are published and exchanged every day on the Internet. The emerging Internet of Things (IoT) augments the network edge with reading sensors and controlling actuators that comprise machine-to-machine communication using small data objects...
Preprint
Developing an operating system (OS) for low-end embedded devices requires continuous adaptation to new hardware architectures and components, while serviceability of features needs to be assured for each individual platform under tight resource constraints. It is challenging to design a versatile and accurate heterogeneous test environment that is...
Article
Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sou...
Article
Common use cases in the Industrial Internet of Things (IIoT) deploy massive amounts of sensors and actuators that communicate with each other or to a remote cloud. While they form too large and too volatile networks to run on ultrareliable, time-synchronized low-latency channels, participants still require reliability and latency guaranties. We ela...
Article
Full-text available
Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide‐area communication. ICS now exchange insecure traffic on an inter‐domain level, putting at risk not only common critical...
Preprint
Content replication to many destinations is a common use case in the Internet of Things (IoT). The deployment of IP multicast has proven inefficient, though, due to its lack of layer-2 support by common IoT radio technologies and its synchronous end-to-end transmission, which is highly susceptible to interference. Information-centric networking (IC...
Article
Energy-constrained sensor nodes can adaptively optimize their energy consumption if a continuous measurement is provided. This is of particular importance in scenarios of high dynamics such as with energy harvesting. Still, self-measuring of power consumption at reasonable cost and complexity is unavailable as a generic system service. In this arti...
Preprint
Clock configuration within constrained general-purpose microcontrollers takes a key role in tuning performance, power consumption, and timing accuracy of applications in the Internet of Things (IoT). Subsystems governing the underlying clock tree must nonetheless cope with a huge parameter space, complex dependencies, and dynamic constraints. Manuf...
Chapter
The Industrial Internet of Things (IIoT) is raising a new set of challenges. Massive deployments of low-power devices connected by lossy wireless links spread mission—sometimes safety—critical functions across machinery. Appropriate networking solutions need to be in place to scale up to the huge numbers of participants and at the same time compens...
Article
Full-text available
This paper evaluates four forwarding strategies for fragmented datagrams in the Internet of Things (IoT). We focus on classic end-to-end fragmentation, hop-wise reassembly, a minimal approach to direct forwarding of fragments, and direct forwarding utilizing selective fragment recovery. To fully analyze the potentials of selective fragment recovery...
Article
The low-power Internet of Things (IoT) introduces lossy radio links with ultra-constrained frame sizes and high transmission cost for each byte. Information Centric Networking (ICN) is considered a promising communication technology in this regime, as it increases reliability by ubiquitous caching and eases transmission efforts by hop-wise forwardi...
Conference Paper
Ethernet is increasingly becoming part of modern vehicle networks and is the most promising technology for future high-speed backbones in cars. At the same time, 'connected vehicles' open their internal vehicle networks to the outside, enabling a multitude of new attacks for which new security concepts must be developed. S...
Preprint
Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined-Networking (SDN) has been identified...
Poster
In this poster, we discuss design options for a LoRaWAN and LoRa transmission system to employ Information-Centric Networking (ICN). ICN has been successfully applied to LoWPAN scenarios and can provide many benefits with respect to object-based security, performance, disruption tolerance and usability. Our findings indicate that the current LoR...
Preprint
Full-text available
During disasters, crises, and emergencies the public relies on online services provided by authorities to receive timely alerts, trustworthy information, and access to relief programs. It is therefore crucial for the authorities to reduce risks when accessing their Web services. This includes proper naming (e.g., against phishing attacks), name pro...
Preprint
Security and trust are essential building blocks for the emerging Internet of Things (IoT)-both heavily rely on ubiquitously available crypto primitives with integrity and robustness. In the constrained IoT, this is a challenging desire due to limited availability of memory, CPU cycles, energy, and external data sources. Random input forms such a c...
Preprint
Inter-connected sensors and actuators have scaled down to small embedded devices such as wearables, and at the same time meet a massive deployment at the Internet edge: the Internet of Things (IoT). Many of these IoT devices run on low-power batteries and are forced to operate on very constrained resources, namely slow CPUs, tiny memories, and low-...
Article
The Internet of Things (IoT) comprises a relevant class of applications that require Quality of Service (QoS) assurances. Information Centric Networking (ICN) has shown promising characteristics in constrained wireless networks, but differentiated QoS has not yet fully emerged. In this paper, we design and analyze a QoS scheme that manages the NDN...
Preprint
The emerging Internet of Things (IoT) challenges the end-to-end transport of the Internet by low power lossy links and gateways that perform protocol translations. Protocols such as CoAP or MQTT-SN are weakened by the overhead of DTLS sessions, which in common deployment protect content transfer only up to the gateway. To preserve end-to-end conten...
Conference Paper
Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increase the vulnerabi...
Conference Paper
Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software-Defined Networking functions promises additional benefit...
Preprint
IP spoofing enables reflection and amplification attacks, which cause major threats to the current Internet infrastructure. IP packets with incorrect source addresses would help to improve the situation. This is easy at the attacker's network, but very challenging at Internet eXchange Points (IXPs) or in transit networks. In this reproducibility st...
Conference Paper
In this paper, we present Eco, a hardware-software co-design enabling generic energy management on IoT nodes. Eco is tailored to devices with limited resources and thus targets most of the upcoming IoT scenarios. The proposed measurement module combines commodity components with common system interfaces to achieve easy, flexible integration with va...
Preprint
Full-text available
Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions...
Conference Paper
Full-text available
Large Distributed Denial-of-Service (DDoS) attacks pose a major threat not only to end systems but also to the Internet infrastructure as a whole. Remote Triggered Black Hole filtering (RTBH) has been established as a tool to mitigate inter-domain DDoS attacks by discarding unwanted traffic early in the network, e.g., at Internet eXchange Points (I...
Conference Paper
In this demo, we showcase NDNSSEC. NDNSSEC provides a namespace management solution for named-data networking (NDN) based on the DNS ecosystem and its security extensions. Our prototype allows content consumers to verify the name ownership in commonly used NDN software.