BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Thomas C. Schmidt

Thomas C. Schmidt contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Networking and Internet ArchitectureCryptography and Securityeess.SYPerformanceSystems and ControlDistributed, Parallel, and Cluster Computingeess.SPOperating SystemsProgramming LanguagesSoftware Engineering

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
17works
0followers
10topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

17 published item(s)

preprint2022arXiv

Delay-Tolerant ICN and Its Application to LoRa

Connecting long-range wireless networks to the Internet imposes challenges due to vastly longer round-trip-times (RTTs). In this paper, we present an ICN protocol framework that enables robust and efficient delay-tolerant communication to edge networks. Our approach provides ICN-idiomatic communication between networks with vastly different RTTs. We applied this framework to LoRa, enabling end-to-end consumer-to-LoRa-producer interaction over an ICN-Internet and asynchronous data production in the LoRa edge. Instead of using LoRaWAN, we implemented an IEEE 802.15.4e DSME MAC layer on top of the LoRa PHY and ICN protocol mechanisms in RIOT OS. Executed on off-the-shelf IoT hardware, we provide a comparative evaluation for basic NDN-style ICN [60], RICE [31]-like pulling, and reflexive forwarding [46]. This is the first practical evaluation of ICN over LoRa using a reliable MAC. Our results show that periodic polling in NDN works inefficiently when facing long and differing RTTs. RICE reduces polling overhead and exploits gateway knowledge, without violating ICN principles. Reflexive forwarding reflects sporadic data generation naturally. Combined with a local data push, it operates efficiently and enables lifetimes of >1 year for battery powered LoRa-ICN nodes.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Dynamic Clock Reconfiguration for the Constrained IoT and its Application to Energy-efficient Networking

Clock configuration takes a key role in tuning constrained general-purpose microcontrollers for performance, timing accuracy, and energy efficiency. Configuring the underlying clock tree, however, involves a large parameter space with complex dependencies and dynamic constraints. We argue for clock configuration as a generic operating system module that bridges the gap between highly configurable but complex embedded hardware and easy application development. In this paper, we propose a method and a runtime subsystem for dynamic clock reconfiguration on constrained Internet of Things (IoT) devices named ScaleClock. ScaleClock derives measures to dynamically optimize clock configurations by abstracting the hardware-specific clock trees. The ScaleClock system service grants portable access to the optimization potential of dynamic clock scaling for applications. We implement the approach on the popular IoT operating system RIOT for two target platforms of different manufacturers and evaluate its performance in static and dynamic scenarios on real devices. We demonstrate the potential of ScaleClock by designing a platform-independent dynamic voltage and frequency scaling (DVFS) mechanism that enables RIOT to autonomously adapt the hardware performance to requirements of the software currently executed. In a use case study, we manage to boost energy efficiency of constrained network communication by reducing the MCU consumption by 40 % at negligible performance impact.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Secure and Authorized Client-to-Client Communication for LwM2M

Constrained devices on the Internet of Things (IoT) continuously produce and consume data. LwM2M manages millions of these devices in a server-centric architecture, which challenges edge networks with expensive uplinks and time-sensitive use cases. In this paper, we contribute two LwM2M extensions to enable client-to-client (C2C) communication: (i) an authorization mechanism for clients, and (ii) an extended management interface to allow secure C2C access to resources. We analyse the security properties of the proposed extensions and show that they are compliant with LwM2M security requirements. Our performance evaluation on off-the-shelf IoT hardware shows that C2C communication outperforms server-centric deployments. First, LwM2M deployments with edge C2C communication yield a ~90% faster notification delivery and ~8x greater throughput compared to common server-centric scenarios, while keeping a small memory overhead of ~8%. Second, in server-centric communication, the delivery rate degrades when resource update intervals drop below 100 ms.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Secure Time-Sensitive Software-Defined Networking in Vehicles

Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this paper, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time and best-effort communication for all IVN traffic classes. Despite the central SDN controller, we can validate that control can operate without a delay penalty for TSN traffic, provided protocols are properly mapped. We demonstrate how TSSDN adaptably and reliably enhances network security for in-vehicle communication. A systematic investigation of the possible control flow integrations with switched Ether-networks reveals that these strategies allow for shaping the attack surface of a software-defined IVN. We discuss embeddings of control flow identifiers on different layers, covering the range from a fully exposed mapping to deep encapsulation. We experimentally evaluate these strategies in a production vehicle, which we map to a modern Ethernet topology. Our findings indicate that visibility of automotive control flows on lower network layers enables isolation and access control throughout the network infrastructure. Such a TSSDN backbone can establish and survey trust zones within the IVN and reduce the attack surface of connected cars in various attack scenarios.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

The Race to the Vulnerable: Measuring the Log4j Shell Incident

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable. In this paper, we measure the rush of scanners during the two months after the disclosure. We use several vantage points to observe both researchers and attackers. For this purpose, we collect and analyze payloads sent by benign and malicious communication parties, their origins, and churn. We find that the initial rush of scanners quickly ebbed. Especially non-malicious scanners were only interested in the days after the disclosure. In contrast, malicious scanners continue targeting the vulnerability.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

PHiLIP on the HiL: Automated Multi-platform OS Testing with External Reference Devices

Developing an operating system (OS) for low-end embedded devices requires continuous adaptation to new hardware architectures and components, while serviceability of features needs to be assured for each individual platform under tight resource constraints. It is challenging to design a versatile and accurate heterogeneous test environment that is agile enough to cover a continuous evolution of the code base and platforms. This mission is even morehallenging when organized in an agile open-source community process with many contributors such as for the RIOT OS. Hardware in the Loop (HiL) testing and Continuous Integration (CI) are automatable approaches to verify functionality, prevent regressions, and improve the overall quality at development speed in large community projects. In this paper, we present PHiLIP (Primitive Hardware in the Loop Integration Product), an open-source external reference device together with tools that validate the system software while it controls hardware and interprets physical signals. Instead of focusing on a specific test setting, PHiLIP takes the approach of a tool-assisted agile HiL test process, designed for continuous evolution and deployment cycles. We explain its design, describe how it supports HiL tests, evaluate performance metrics, and report on practical experiences of employing PHiLIP in an automated CI test infrastructure. Our initial deployment comprises 22 unique platforms, each of which executes 98 peripheral tests every night. PHiLIP allows for easy extension of low-cost, adaptive testing infrastructures but serves testing techniques and tools to a much wider range of applications.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

IoT Content Object Security with OSCORE and NDN: A First Experimental Comparison

The emerging Internet of Things (IoT) challenges the end-to-end transport of the Internet by low power lossy links and gateways that perform protocol translations. Protocols such as CoAP or MQTT-SN are degraded by the overhead of DTLS sessions, which in common deployment protect content transfer only up to the gateway. To preserve content security end-to-end via gateways and proxies, the IETF recently developed Object Security for Constrained RESTful Environments (OSCORE), which extends CoAP with content object security features commonly known from Information Centric Networks (ICN). This paper presents a comparative analysis of protocol stacks that protect request-response transactions. We measure protocol performances of CoAP over DTLS, OSCORE, and the information-centric Named Data Networking (NDN) protocol on a large-scale IoT testbed in single- and multi-hop scenarios. Our findings indicate that (a) OSCORE improves on CoAP over DTLS in error-prone wireless regimes due to omitting the overhead of maintaining security sessions at endpoints, and (b) NDN attains superior robustness and reliability due to its intrinsic network caches and hop-wise retransmissions.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

LoRa in the Field: Insights from Networking the Smart City Hamburg with RIOT

Inter-connected sensors and actuators have scaled down to small embedded devices such as wearables, and at the same time meet a massive deployment at the Internet edge: the Internet of Things (IoT). Many of these IoT devices run on low-power batteries and are forced to operate on very constrained resources, namely slow CPUs, tiny memories, and low-power radios. Establishing a network infrastructure that is energy efficient, wireless, and still covers a wide area is a larger challenge in this regime. LoRa is a low complexity long range radio technology, which tries to meet these challenges.With LoRaWAN a network model for widespread deployment has been established, which enjoys open public LoRaWAN dissemination such as with the infrastructure of TheThingsNetwork. In this paper, we report about our experiences with developing and deploying LoRa-based smart city applications as part of the MONICA project in Hamburg. Our contributions are twofold. First, we describe the design and implementation of end-to-end IoT applications based on the friendly IoT operating system RIOT. Second, we report on measurements and evaluations of our large field trials during several public events in the city of Hamburg. Our results show that LoRaWAN provides a suitable communication layer for a variety of Smart City use-cases and IoT applications, but also identifies its limitations and weaknesses.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Uncovering Vulnerable Industrial Control Systems from the Internet Core

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., DRDoS~attacks). In this paper, we uncover unprotected inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. This traffic analysis is correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We provide an in-depth view on Internet-wide ICS communication. Our results can be used i) to create precise filters for potentially harmful non-industrial ICS traffic, and ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks.

0 citations0 reviewsNo code linkedOpen access
preprint2019arXiv

A Lesson in Scaling 6LoWPAN -- Minimal Fragment Forwarding in Lossy Networks

This paper evaluates two forwarding strategies for fragmented datagrams in the IoT: hop-wise reassembly and a minimal approach to directly forward fragments. Minimal fragment forwarding is challenged by the lack of forwarding information at subsequent fragments in 6LoWPAN and thus requires additional data at nodes. We compared the two approaches in extensive experiments evaluating reliability, end-to-end latency, and memory consumption. In contrast to previous work and due to our alternate setup, we obtained different results and conclusions. Our findings indicate that direct fragment forwarding should be deployed only with care, since higher packet transmission rates on the link-layer can significantly reduce its reliability, which in turn can even further reduce end-to-end latency because of highly increased link-layer retransmissions.

0 citations0 reviewsNo code linkedOpen access
preprint2019arXiv

Eco: A Hardware-Software Co-Design for In Situ Power Measurement on Low-end IoT Systems

Energy-constrained sensor nodes can adaptively optimize their energy consumption if a continuous measurement exists. This is of particular importance in scenarios of high dynamics such as energy harvesting or adaptive task scheduling. However, self-measuring of power consumption at reasonable cost and complexity is unavailable as a generic system service. In this paper, we present Eco, a hardware-software co-design enabling generic energy management on IoT nodes. Eco is tailored to devices with limited resources and thus targets most of the upcoming IoT scenarios. The proposed measurement module combines commodity components with a common system interfaces to achieve easy, flexible integration with various hardware platforms and the RIOT IoT operating system. We thoroughly evaluate and compare accuracy and overhead. Our findings indicate that our commodity design competes well with highly optimized solutions, while being significantly more versatile. We employ Eco for energy management on RIOT and validate its readiness for deployment in a five-week field trial integrated with energy harvesting.

0 citations0 reviewsNo code linkedOpen access
preprint2014arXiv

The Role of the Internet of Things in Network Resilience

Disasters lead to devastating structural damage not only to buildings and transport infrastructure, but also to other critical infrastructure, such as the power grid and communication backbones. Following such an event, the availability of minimal communication services is however crucial to allow efficient and coordinated disaster response, to enable timely public information, or to provide individuals in need with a default mechanism to post emergency messages. The Internet of Things consists in the massive deployment of heterogeneous devices, most of which battery-powered, and interconnected via wireless network interfaces. Typical IoT communication architectures enables such IoT devices to not only connect to the communication backbone (i.e. the Internet) using an infrastructure-based wireless network paradigm, but also to communicate with one another autonomously, without the help of any infrastructure, using a spontaneous wireless network paradigm. In this paper, we argue that the vast deployment of IoT-enabled devices could bring benefits in terms of data network resilience in face of disaster. Leveraging their spontaneous wireless networking capabilities, IoT devices could enable minimal communication services (e.g. emergency micro-message delivery) while the conventional communication infrastructure is out of service. We identify the main challenges that must be addressed in order to realize this potential in practice. These challenges concern various technical aspects, including physical connectivity requirements, network protocol stack enhancements, data traffic prioritization schemes, as well as social and political aspects.

0 citations0 reviewsNo code linkedOpen access
preprint2013arXiv

Design, Implementation, and Operation of a Mobile Honeypot

Mobile nodes, in particular smartphones are one of the most relevant devices in the current Internet in terms of quantity and economic impact. There is the common believe that those devices are of special interest for attackers due to their limited resources and the serious data they store. On the other hand, the mobile regime is a very lively network environment, which misses the (limited) ground truth we have in commonly connected Internet nodes. In this paper we argue for a simple long-term measurement infrastructure that allows for (1) the analysis of unsolicited traffic to and from mobile devices and (2) fair comparison with wired Internet access. We introduce the design and implementation of a mobile honeypot, which is deployed on standard hardware for more than 1.5 years. Two independent groups developed the same concept for the system. We also present preliminary measurement results.

0 citations0 reviewsNo code linkedOpen access
preprint2013arXiv

libcppa - Designing an Actor Semantic for C++11

Parallel hardware makes concurrency mandatory for efficient program execution. However, writing concurrent software is both challenging and error-prone. C++11 provides standard facilities for multiprogramming, such as atomic operations with acquire/release semantics and RAII mutex locking, but these primitives remain too low-level. Using them both correctly and efficiently still requires expert knowledge and hand-crafting. The actor model replaces implicit communication by sharing with an explicit message passing mechanism. It applies to concurrency as well as distribution, and a lightweight actor model implementation that schedules all actors in a properly pre-dimensioned thread pool can outperform equivalent thread-based applications. However, the actor model did not enter the domain of native programming languages yet besides vendor-specific island solutions. With the open source library libcppa, we want to combine the ability to build reliable and distributed systems provided by the actor model with the performance and resource-efficiency of C++11.

0 citations0 reviewsNo code linkedOpen access
preprint2012arXiv

Backscatter from the Data Plane --- Threats to Stability and Security in Information-Centric Networking

Information-centric networking proposals attract much attention in the ongoing search for a future communication paradigm of the Internet. Replacing the host-to-host connectivity by a data-oriented publish/subscribe service eases content distribution and authentication by concept, while eliminating threats from unwanted traffic at an end host as are common in today's Internet. However, current approaches to content routing heavily rely on data-driven protocol events and thereby introduce a strong coupling of the control to the data plane in the underlying routing infrastructure. In this paper, threats to the stability and security of the content distribution system are analyzed in theory and practical experiments. We derive relations between state resources and the performance of routers and demonstrate how this coupling can be misused in practice. We discuss new attack vectors present in its current state of development, as well as possibilities and limitations to mitigate them.

0 citations0 reviewsNo code linkedOpen access
preprint2012arXiv

Why We Shouldn't Forget Multicast in Name-oriented Publish/Subscribe

Name-oriented networks introduce the vision of an information-centric, secure, globally available publish-subscribe infrastructure. Current approaches concentrate on unicast-based pull mechanisms and thereby fall short in automatically updating content at receivers. In this paper, we argue that an inclusion of multicast will grant additional benefits to the network layer, namely efficient distribution of real-time data, a many-to-many communication model, and simplified rendezvous processes. These aspects are comprehensively reflected by a group-oriented naming concept that integrates the various available group schemes and introduces new use cases. A first draft of this name-oriented multicast access has been implemented in the HAMcast middleware.

0 citations0 reviewsNo code linkedOpen access