List of Publications
 
 

2008

Dirk Henrici:
RFID Security and Privacy - Concepts, Protocols and Architectures
Lecture Notes in Electrical Engineering; Springer publishing company; Germany; 2008
ISBN 978-3-540-79075-4
This book introduces the security and privacy issues of RFID technology. It not only provides an overview of the current state of the art but also presents current research results.
Available at amazon.de: RFID Security and Privacy: Concepts, Protocols, and Architectures (Lecture Notes Electrical Engineering)

Bernd Reuther, Dirk Henrici:
A model for service-oriented communication systems
Journal of Systems Architecture, vol. 54, issue 6; Elsevier, June 2008
DOI: http://dx.doi.org/10.1016/j.sysarc.2007.12.001
Using innovative protocols at the transport or network layer is difficult today. Even if such protocols become available, most applications are not able to utilize them because usage of TCP/IP is hard coded into the application. Service-oriented communication systems (SOCS) aim to decouple applications from lower level protocols. Therefore, a service-oriented interface between applications and the transport layer is introduced. A broker mediates transport service requests to appropriate configurations of transport service providers. A flexible and protocol independent specification schema for defining service requirements and offers is regarded as a key element for such an interface. The specification schema enables short and simple descriptions as well as detailed and sophisticated descriptions and can thus scale with information available about service providers, network status, as well as application and user requirements.

Dirk Henrici, Patric de Waha, Paul Müller:
Bridging the Gap Between Pervasive Devices and Global Networks
International Symposium on Collaborative Technologies and Systems (CTS 2008), Workshop on Distributed Collaborative Sensor Networks, May 19th - 23rd 2008; Irvine, California; USA
For the future, it is envisioned that an incredibly high number of inexpensive pervasive devices surrounds us. These devices are networked so that they can exchange data with their environment. Already today we have global networks like the Internet, and there are already many attempts to connect sensors and actuators to these networks. However, there are a variety of problems like security, scalability, reliability, as well as resource and cost constraints. In this paper, we will present an advanced architecture for bridging the gap between pervasive devices like wireless sensors and the Internet. Various widespread concepts and technologies are combined to create a practical solution.

Dirk Henrici, Paul Müller:
Providing Security and Privacy in RFID Systems Using Triggered Hash Chains
Sixth Annual IEEE International Conference on Pervasive Computing and Communications, PerCom 2008, March 17th - 21st 2008; Kowloon; Hong Kong
RFID technology shall increase security, e.g. by helping to prevent counterfeiting. But the technology also causes privacy issues. In this paper, after highlighting goals and problems, an approach called "Triggered Hash Chains" is proposed to address the problems. The approach combines concepts of two very different, widely known RFID protocols, i.e. the "Hash-based ID variation" approach and the "Hash chain" approach. The resulting proposal joins the advantages of both protocols. The approach is evaluated using a variety of criteria that are relevant in practice.

2007

Dirk Henrici, Patric de Waha:
Vereinfachung der Administration von IP-Netzwerken mit dynamischer Hostkonfiguration
21st DFN-Arbeitstagung, May 29th - June 1st 2007; Kaiserslautern; Germany
With DHCP (Dynamic Host Configuration Protocol), network devices can be dynamically assigned an IP address when they are connected to the network. From a network management perspective, however, a static configuration is preferable because it makes it easier to identify the originator in cases of network misuse. This contribution shows how the advantages of both approaches can be combined. The DHCP service is influenced in such a way that IP addresses are assigned depending on the location of the user's physical connection (port/network socket). This increases transparency for administrators, since the geographic position of the user can be inferred directly from an IP address.

2006

Bernd Reuther, Dirk Henrici:
A Model for Service-Oriented Communication Systems
32nd EUROMICRO Conference, August 29th until September 1st, 2006; Cavtat/Dubrovnik; Croatia
Like most software products, protocols are continuously enhanced and new protocols are developed. But new protocols of the transport layer in particular cannot easily be utilized widely. Even if the new protocols are made available, it is still necessary to adapt many applications; otherwise the protocols are not used by the majority of applications. The current situation is that only very limited enhancements of protocols are possible without changing applications. The proposed solution is to let applications use only communications services instead of protocols. A model for service-oriented communications systems that follows the concepts of service-oriented architectures is introduced. The model enables choosing and configuring protocols autonomously with regard to environmental and temporal conditions.

Dirk Henrici, Joachim Götze, Paul Müller:
A Hash-based Pseudonymization Infrastructure for RFID Systems
IEEE Security, Privacy and Trust in Pervasive and Ubiquitous Computing International Workshop (IEEE SecPerU 2006) at IEEE International Conference on Pervasive Services (ICPS 2006); June 29th, 2006; Lyon; France
Many proposals have been made to solve the privacy implications of RFID systems: The main idea to ensure location privacy is to change the identifiers of RFID tags regularly. For building inter-organizational RFID systems, pseudonyms can be used to provide a link to the respective owner of a tag without affecting location privacy. Based on these considerations, in this paper a pseudonymization infrastructure is presented that is based on one-way hash functions and thus is a better fit for the specific demands of resource scarce tags than approaches based on public key cryptography.

Bernd Reuther, Dirk Henrici:
TCP/IP und UDP/IP - ist da sonst gar nichts mehr?
20th DFN-Arbeitstagung, June 6th-9th 2006; Heilbronn; Germany
TCP/IP and UDP/IP are today the dominant transport and network protocols. Alternative protocols do exist, but they are rarely used in practice. The problem is that new or specialized protocols must be explicitly supported by applications. Here a model is presented that offers transport services to applications, with the protocols used being transparent to the application. Suitable protocols are selected and configured at run time, taking the execution environment into account.

Dirk Henrici, Joachim Götze, Paul Müller:
Hash-based Pseudonymity for Ubiquitous Devices
International Conference on Computational Science and its Applications, UASS'06 Ubiquitous Application & Security Service; May 8th-11th, 2006; Glasgow; UK
The concept of onion routing is a well known technique for implementing pseudonymous communication in the Internet. Unfortunately, it heavily relies on enciphering and deciphering which is well beyond the capabilities of resource-scarce ubiquitous devices like RFID transponders. This paper presents a more lightweight technique with similar characteristics that is based on one-way hash functions.

2005

Dirk Henrici, David Prantl, Paul Müller:
Site Multihoming and Provider-Independent Addressing Using IPv6
International Conference on Communication Systems and Applications (part of the 5th IASTED International Multi-Conference on Wireless and Optical Communications); CSA 2005; July 19th-21st, 2005; Banff, Alberta; Canada
Using IPv6, multihoming and Internet service provider migration are still not satisfactorily solved problems. This leads to delay in the adaptation of the new protocol version. This contribution aims to address both of the two stated problems while retaining the advantages of strictly hierarchical addressing and routing.
The solution presented in this paper consists of two building blocks: So-called "Unique Local Addresses" that are intended to be used instead of the deprecated IPv6 site local addresses can be employed as globally valid, provider-independent identifiers. Using address mapping at site exit routers, a feature-rich multihoming solution can be created without breaking the end-to-end model. The proposed solution has many advantages: It is simple and compatible with current Internet standards. No changes at all are required at hosts, and the solution is designed to keep network management easy.

Dirk Henrici, Jochen Müller:
Data Security in Service-Oriented Architectures
19th DFN-Arbeitstagung, May 18th-20th 2005; Düsseldorf; Germany
Due to standardized interfaces and loose coupling of services, service-oriented architectures provide the possibility for close interaction between different organizations and communities. But this also introduces new risks: Keeping control over where which data is processed becomes increasingly difficult. This paper highlights that current approaches for ensuring data privacy and required security mechanisms are no longer adequate under these changing conditions and presents possible solutions discussed by researchers and developers. Additionally, economic implications of data privacy and security are considered.

Jochen Müller, Dirk Henrici, Markus Hillenbrand:
Peer-to-Peer Architekturen für verteilte Geschäftsprozesse: Überlegungen zur Flächennutzungsplanung
Workshop "Peer-to-Peer-Systeme und -Anwendungen", 14th Fachtagung Kommunikation in Verteilten Systemen (KiVS); March 3rd, 2005; Kaiserslautern; Germany
The creation of a land use plan is a lengthy, complex distributed process with numerous authorities and actors, which must proceed within a defined legal framework. The basic thesis of this work is: a process with such characteristics can be better supported with a peer-to-peer approach than with the traditional client-server approach.

Jochen Müller, Torsten Lenhart, Dirk Henrici, Markus Hillenbrand, Paul Müller:
Developing Web Applications for Mobile Devices
1st International Conference on Distributed Frameworks for Multimedia Applications, DFMA2005; Besancon; France
Today even small mobile devices access the Internet. Therewith, mobility issues have become an important technical and economic topic - not only in new but in proven and successful web applications as well. The main problem derives from a growing heterogeneity in hardware and software of mobile devices. To overcome this problem, this paper presents a framework to develop Web Applications for Mobile Devices.

2004

Dirk Henrici, Paul Müller:
Sicherheit und Privatsphäre in RFID-Systemen
VDE-Kongress 2004; October 18th-20th, 2004; Berlin; Germany

RFID technology has enormous potential, and there are already a large number of applications. However, the protection of privacy still has a low priority in the development and marketing of the technology. This contribution introduces the problems associated with RFID technology with regard to system security and privacy and derives from them which measures must be taken.


Jochen Müller, Dirk Henrici, Paul Müller:
Computer-Aided Dynamic Processes for Urban Land Use Planning
30th EUROMICRO; August 31st until September 3rd, 2004; Rennes; France

Urban Land Use Planning is a sophisticated process in which many different parties are involved. A software framework aims at supporting this procedure.


Bernd Reuther, Dirk Henrici, Markus Hillenbrand:
DANCE: Dynamic Application Oriented Network Services
30th EUROMICRO, August 31st - September 3rd, 2004; Rennes; France

The explicit usage of protocols in applications is common practice but restricts the provided communication service. The dynamic utilization of more suitable protocols or taking into account specific user requirements is either hard to realize or even impossible. This work introduces a model which provides a service-oriented view of a communication subsystem. Its goal is to find the most suitable service provider. Therefore, service providers are selected dynamically at run time. This makes it possible to take into account the requirements of both the application and the user as well as information about the current platform and network environment. Thus applications are able to benefit from uncommon protocols wherever such protocols make sense and are available.


Dirk Henrici, Jochen Müller, Paul Müller:
Sicherheit und Privatsphäre in RFID-Systemen
18th DFN-Arbeitstagung, June 1st-4th 2004; Düsseldorf; Germany

RFID systems are on everyone's lips: they are supposed to revolutionize merchandise management systems and also provide helpful services in a multitude of other application areas. In favor of the associated cost savings and new possibilities, the protection of data and of users' privacy is still being neglected. This contribution presents the threats and discusses some of the solution approaches proposed so far. To overcome the identified weaknesses, an application-neutral framework for RFID systems is presented with which the protection of privacy can be technically anchored.


Dirk Henrici, Bernd Reuther:
A Unified, Protocol Independent API for Connection-Oriented and Connection-Less Protocols
Invited session on "Communications and Network Systems, Technologies, and Applications" to be held on 8th World Multi-Conference on Systemics, Cybernetics, and Informatics (SCI 2004); July 18th-21st, 2004; Orlando, Florida; USA

The socket interface is undisputedly the most widespread means for applications to access the communication protocols available on a computer system. Many approaches have been made to improve the interface, for instance by introducing classes that encapsulate Sockets in an object-oriented fashion.
In this paper, an API for communication services is presented that detaches from the behavior of the socket interface and introduces a user application centric view for communication services. Therefore, the API abstracts from protocol details as far as possible, thereby even hiding whether a communications protocol is connection-oriented or not. Freed from the need of thinking in terms of socket structures, new opportunities loom for application programmers and the introduction of higher-level communication services.


Dirk Henrici, Paul Müller:
Tackling Security and Privacy Issues in Radio Frequency Identification Devices
2nd International Conference on Pervasive Computing, Pervasive 2004; April 21st-23rd, 2004; Linz/Vienna; Austria
This paper briefly introduces the security and privacy issues of RFID systems and presents a simple approach to greatly enhance location privacy by changing traceable identifiers securely on every read attempt. The scheme gets by with only a single, unreliable message exchange. By employing one-way hash functions the scheme is safe from many security threats. It is intended for use in item identification but is useful in other applications as well.

Dirk Henrici, Paul Müller:
Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers
Workshop on Pervasive Computing and Communications Security, PerSec'04, in conjunction with the Second IEEE International Conference on Pervasive Computing and Communications, PerCom 2004; March 14th-17th, 2004; Orlando, Florida; USA
Radio-Frequency Identification Devices (RFID) may emerge as one of the most pervasive computing technologies in history. On the one hand, with tags affixed to consumer items as well as letters, packets or vehicles, costs in the supply chain can be greatly reduced and new applications introduced. On the other hand, unique means of identification in each tag like serial numbers enable effortless traceability of persons and goods. But data protection and privacy are worthwhile civil liberties.
This paper introduces a simple scheme relying on one-way hash functions that greatly enhances location privacy by changing traceable identifiers on every read, getting by with only a single, unreliable message exchange. Thereby the scheme is safe from many threats like eavesdropping, message interception, spoofing, and replay attacks.

Alexander Romanovsky (ed.)
CaberNet Vision of Research and Technology Development in Distributed and Dependable Systems
Dirk Henrici, Michael Kleis, Paul Müller, Bernd Reuther, Detlef Bosau:
Chapter 11: Distributed Multimedia Platforms
CaberNet, Network of Excellence in Distributed and Dependable Computing Systems IST Contract No. IST-2000-25088, 2004
This document presents a CaberNet vision of Research and Technology Development (RTD) in Distributed and Dependable systems. The Network of Excellence is the collective author of this new document, which was put together by integrating contributions coming from many CaberNet partners. A dedicated CaberNet Plenary workshop (November 2003) and a one-day meeting of the CaberNet Links-to-Industry Forum (December 2003) were organized to consolidate the Network understanding of the RTD Vision. The Vision document is intended to serve as a policy-directing document. But it is equally valuable as a high level overview of recent and current activities in the selected areas, emphasizing directions in which R&D in distributed and dependable systems are likely to be moving in the future.

2003

Dirk Henrici:
Gemeinsame Sache - Standard Template Library für Objekte im Shared Memory verwenden
Linux-Magazin, issue 12/2003
Shared memory enables the shared use of variables, data structures and objects by multiple processes and is therefore a popular method for inter-process communication. However, programmers quickly feel transported back to the time when they still had to program linked lists by hand. The C++ library presented in this article gives them the ability to use the advantages of the STL in shared memory as well.

Dirk Henrici, Bernd Reuther:
Service-oriented Protocol Interfaces and Dynamic Intermediation of Communication Services
2nd IASTED International Conference on Communications, Internet and Information Technology; CIIT 2003; November 17th-19th, 2003; Scottsdale, Arizona; USA
Nowadays, in the Internet almost solely UDP and TCP are being used as transport protocols. The reason is not that these are better than other protocols but that they became the “common denominator” of Internet communication due to historical evolution. In this paper, a service-oriented interface between applications and transport protocols is proposed and the multitude of looming possibilities is presented. As a service-oriented interface abstracts completely from lower layer protocols, the use of alternative protocols and further the dynamic intermediation of communication services becomes possible transparently to applications. Since today’s structures of Internet communication and the socket interface have grown over years and are thus increasingly taken for granted, this paper will present an alternative approach applying contemporary design criteria.

2002

Dirk Henrici:
A Universal Scheme for the Classification of Network Services
Diploma Thesis, AG Integrated Communication Systems, University of Kaiserslautern, 2002; Kaiserslautern; Germany


The full text of most publications can be accessed on the website http://dspace.icsy.de
