Research Outputs

2022 2022 2021 2021 2020 2020 2019 2019 2018 2018 2017 2017 2016 2016 2015 2015 2014 2014 2013 2013 0.0 0.0 1.0 1.0 2.0 2.0 3.0 3.0 4.0 4.0 5.0 5.0 6.0 6.0
Now showing 1 - 10 of 20
  • Publication
    A Security Cost Modelling Framework for Cyber-Physical Systems
    (ACM, 2022-05) ; ;
    Gouglidis, Antonios 
    ;
    Mauthe, Andreas 
    ;
    Cyber-Physical Systems (CPS) are formed through interconnected components capable of computation, communication, sensing and changing the physical world. The development of these systems poses a significant challenge since they have to be designed in a way to ensure cyber-security without impacting their performance. This article presents the Security Cost Modelling Framework (SCMF) and shows supported by an experimental study how it can be used to measure, normalise and aggregate the overall performance of a CPS. Unlike previous studies, our approach uses different metrics to measure the overall performance of a CPS and provides a methodology for normalising the measurement results of different units to a common Cost Unit. Moreover, we show how the Security Costs can be extracted from the overall performance measurements which allows to quantify the overhead imposed by performing security-related tasks. Furthermore, we describe the architecture of our experimental testbed and demonstrate the applicability of SCMF in an experimental study. Our results show that measuring the overall performance and extracting the security costs using SCMF can serve as basis to redesign interactions to achieve the same overall goal at less costs.
      167Scopus© Citations 2
  • Publication
    A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment
    (2019)
    Esfahani, A. 
    ;
    Mantas, G. 
    ;
    Matischek, R. 
    ;
    Saghezchi, F. 
    ;
    ; ; ;
    Schmittner, Ch. 
    ;
    Bastos, J. 
    In the emerging industrial Internet of Things (IIoT) era, machine-to-machine (M2M) communication technology is considered as a key underlying technology for building IIoT environments, where devices (e.g., sensors, actuators, and gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the IIoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the IIoT environment. Therefore, lightweight security mechanisms are required for M2M communications in IIoT in order to reach its full potential. As a step toward this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in IIoT environment. The proposed mechanism is characterized by low computational cost, communication, and storage overhead, while achieving mutual authentication, session key agreement, device's identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack.
      562  820Scopus© Citations 207
  • Publication
      271  570
  • Publication
    Risk Management and Standard Compliance for Cyber-Physical Systems of Systems
    (Scientific Association for Infocommunications (HTE), 2021) ;
    Chlup, Sebastian 
    ;
    Shaaban, Abdelkader Magdy 
    ;
    Schmittner, Christoph 
    ;
    Pinzenöhler, Andreas 
    ;
    ;
    The Internet of Things (IoT) and cloud technologies are increasingly implemented in the form of Cyber-Physical Systems of Systems (CPSoS) for the railway sector. In order to satisfy the security requirements of Cyber-Physical Systems (CPS), domainspecific risk identification assessment procedures have been developed. Threat modelling is one of the most commonly used methods for threat identification for the security analysis of CPSoS and is capable of targeting various domains. This paper reports our experience of using a risk management framework identify the most critical security vulnerabilities in CPSoS in the domain and shows the broader impact this work can have on the domain of safety and security management. Moreover, we emphasize the application of common analytical methods for cyber-security based on international industry standards to identify the most vulnerable assets. These will be applied to a meta-model for automated railway systems in the concept phase to support the development and deployment of these systems. Furthermore, it is the first step to create a secure and standard complaint system by design.
      105  432Scopus© Citations 8
  • Publication
      132Scopus© Citations 1
  • Publication
    Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud
    (IEEE, 2015)
    Wagner, Christian 
    ;
    Hudic, Aleksandar 
    ;
    ; ;
    Pallas, Frank 
    A high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.
      151Scopus© Citations 4
  • Publication
      530  525
  • Publication
    Security standard compliance and continuous verification for Industrial Internet of Things
    (Sage, 2020) ; ;
    Delsing, Jerker 
    Due to globalization and digitalization of industrial systems, standard compliance is gaining more attention. In order to stay competitive and remain in business, different sectors within industry are required to comply with multiple regulations. Compliance aims to fulfill regulations by including all measures imposed by laws and standards. Every device, application, or service implements several technologies at many levels, and standards support interoperability across them. They help to create global markets for industries and enable networked development in order to be successful and sustainable. This work highlights the importance of standard compliance and continuous verification in industrial Internet of Things and implements an automatic monitoring and standard compliance verification framework. In this work, we focus on security, safety, and organizational aspects of industrial Internet of Things. We identify a number of standards and best practice guidelines, which are used to extract security, safety, and organizational measurable indicator points. In addition, a metric model is provided that forms the basis for the necessary information needed for compliance verification, including requirements, standards, and metrics. Also, we present the prototype of the monitoring and standard compliance verification framework used to show the security compliance of an industrial Internet of Things use case.
      121  1240Scopus© Citations 11
  • Publication
    Function-as-a-Service Benchmarking Framework
    Cloud Service Providers deliver their products in form of ”as-a-Service”, which are typically categorized by the level of abstraction. This approach hides the implementation details and shows only functionality to the user. However, the problem is that it is hard to measure the performance of Cloud services, because they behave like black boxes. Especially with Function-as-a-Service it is even more difficult because it completely hides server and infrastructure management from users by design. Cloud Service Prodivers usually restrict the maximum size of code, memory and runtime of Cloud Functions. Nevertheless, users need clarification if more ressources are needed to deliver services in high quality. In this regard, we present the architectural design of a new Function-as-a-Service benchmarking tool, which allows users to evaluate the performance of Cloud Functions. Furthermore, the capabilities of the framework are tested on an isolated platform with a specific workload. The results show that users are able to get insights into Function-as-a-Service environments. This, in turn, allows users to identify factors which may slow down or speed up the performance of Cloud Functions.
      509Scopus© Citations 1