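% Bibliography export: four 2023 publications, one entry per record.
% The exporter copied the venue name into `series` as well as
% `booktitle`/`journal`; the duplicate `series` fields are dropped so styles
% do not print the venue twice. Acronyms and proper nouns in titles are
% brace-protected against sentence-casing styles.

% Conference paper: Packet Too Big (PTB) detection without relying on PTB
% messages, and its integration into QUIC.
% NOTE(review): the DOI and URN appear to point at the institutional
% repository copy rather than the publisher record -- confirm before citing.
@inproceedings{VoelkerTuexen2023,
  author    = {V{\"o}lker, Timo and T{\"u}xen, Michael},
  title     = {Packet Too Big Detection and its Integration into {QUIC}},
  booktitle = {2023 16th International Conference on Signal Processing and Communication System ({ICSPCS})},
  publisher = {IEEE},
  address   = {New York, NY, USA},
  year      = {2023},
  isbn      = {979-8-3503-3351-0},
  doi       = {10.25974/fhms-17411},
  url       = {http://nbn-resolving.de/urn:nbn:de:hbz:836-opus-174119},
  abstract  = {A communication over an Internet Protocol (IP) based network fails if an endpoint sends packets that are too big to reach their destination and if the sender is unable to detect that. The node on the path that drops these packets should respond with a Packet Too Big (PTB) message. However, multiple scenarios exist in which the sender will not receive a PTB message. Even if it does, it refrains from using the information in case it suspects that a potential attacker forged the message. In particular, we are not aware of any implementation of the secure transport protocol QUIC (e.g., used by HTTP/3) that processes PTB messages. In this paper, we present a novel parameterizable PTB detection algorithm for reliable transport protocols that does not depend on PTB messages.
We further describe how to integrate our algorithm into QUIC, present results from an evaluation using the algorithm within a QUIC simulation model and, based on these results, suggest concrete parameter values.},
  language  = {en},
}

% Conference paper (German): end-to-end digitalisation of industrial
% processes, shown on the model factory of FH Muenster.
% The editor name previously used a raw acute-accent character as a control
% sequence, which is not valid LaTeX; it is now the standard \'e escape.
@inproceedings{SalewskiBodenburgMalechka2023,
  author    = {Salewski, Falk and Bodenburg, Sven and Malechka, Tatsiana},
  title     = {Durchg{\"a}ngige Digitalisierung industrieller Abl{\"a}ufe am Beispiel der Modellfabrik der {FH} {M{\"u}nster}},
  booktitle = {Tagungsband {AALE} 2023 -- Mit Automatisierung gegen den Klimawandel},
  editor    = {J{\"a}kel, Jens and Reiff-Stephan, J{\"o}rg and Schwarz, Jens Andr{\'e}},
  year      = {2023},
  isbn      = {978-3-910103-01-6},
  doi       = {10.33968/2023.44},
  abstract  = {Die Modellfabrik der FH M{\"u}nster erlaubt durch den Umfang und die Komplexit{\"a}t der enthaltenen Automatisierungsaufgaben sowie einen Aufbau aus industriellen Komponenten eine praxisnahe Lehre im Bereich aktueller Anlagenautomatisierung und dar{\"u}ber hinausgehenden Funktionen im Sinne einer durchg{\"a}ngigen Digitalisierung. Die verwendete Unterscheidung der durchg{\"a}ngigen Digitalisierung in horizontale und vertikale Verkn{\"u}pfungen wird veranschaulicht. Aufbauend auf Erfahrungen mit der Vorg{\"a}ngeranlage werden Neuerungen der 2021 aufgebauten neuen Modellfabrik vorgestellt. Neuerungen umfassen insbesondere die Modularisierung der Anlage, das umgesetzte Sicherheitskonzept, einen Webshop mit Onlinekonfigurator, eine Webvisualisierung des Anlagenzustandes inklusive der Energieverbr{\"a}uche, sowie M{\"o}glichkeiten zur virtuellen Inbetriebnahme.
Weiterhin wird das aktuelle Konzept zur Erweiterung der horizontalen digitalen Durchg{\"a}ngigkeit mittels der Einbindung eines autonomen mobilen Roboters in die Modellfabrik vorgestellt.},
  language  = {de},
}

% Journal article: ODMR-based magnetometer running neural-network inference
% on an ESP32 microcontroller board.
% NOTE(review): the record carries no pages or article number -- add one from
% the publisher record if the target style requires it.
@article{HomrighausenHorsthemkePogorzelskietal.2023,
  author   = {Homrighausen, Jonas and Horsthemke, Ludwig and Pogorzelski, Jens and Trinschek, Sarah and Gl{\"o}sek{\"o}tter, Peter and Gregor, Markus},
  title    = {Edge-Machine-Learning-Assisted Robust Magnetometer Based on Randomly Oriented {NV}-Ensembles in Diamond},
  journal  = {Sensors},
  volume   = {23},
  number   = {3},
  year     = {2023},
  doi      = {10.3390/s23031119},
  abstract = {Quantum magnetometry based on optically detected magnetic resonance (ODMR) of nitrogen vacancy centers in nano- or micro-diamonds is a promising technology for precise magnetic-field sensors. Here, we propose a new, low-cost and stand-alone sensor setup that employs machine learning on an embedded device, so-called edge machine learning. We train an artificial neural network with data acquired from a continuous-wave ODMR setup and subsequently use this pre-trained network on the sensor device to deduce the magnitude of the magnetic field from recorded ODMR spectra. In our proposed sensor setup, a low-cost and low-power ESP32 microcontroller development board is employed to control data recording and perform inference of the network.
In a proof-of-concept study, we show that the setup is capable of measuring magnetic fields with high precision and has the potential to enable robust and accessible sensor applications with a wide measuring range.},
  language = {en},
}

% Conference paper: survey of format-oracle side channels in S/MIME and
% OpenPGP email clients, with countermeasures for MUA developers.
% The header literal in the title is braced so styles keep its casing.
% NOTE(review): the record has no pages, DOI or URL -- take them from the
% proceedings page rather than guessing.
@inproceedings{IsingPoddebniakKappertetal.2023,
  author    = {Ising, Fabian and Poddebniak, Damian and Kappert, Tobias and Saatjohann, Christoph and Schinzel, Sebastian},
  title     = {{Content-Type: multipart/oracle} -- Tapping into Format Oracles in Email End-to-End Encryption},
  booktitle = {32nd {USENIX} Security Symposium},
  publisher = {USENIX Association},
  year      = {2023},
  abstract  = {S/MIME and OpenPGP use cryptographic constructions repeatedly shown to be vulnerable to format oracle attacks in protocols like TLS, SSH, or IKE. However, format oracle attacks in the End-to-End Encryption (E2EE) email setting are considered impractical as victims would need to open many attacker-modified emails and communicate the decryption result to the attacker. But is this really the case? In this paper, we survey how an attacker may remotely learn the decryption state in email E2EE. We analyze the interplay of MIME and IMAP and describe side-channels emerging from network patterns that leak the decryption status in Mail User Agents (MUAs). Concretely, we introduce specific MIME trees that produce decryption-dependent network patterns when opened in a victim's email client. We survey 19 OpenPGP- and S/MIME-enabled email clients and four cryptographic libraries and uncover a side-channel leaking the decryption status of S/MIME messages in one client. Further, we discuss why the exploitation in the other clients is impractical and show that it is due to missing feature support and implementation quirks. These unintended defenses create an unfortunate conflict between usability and security. We present more rigid countermeasures for MUA developers and the standards to prevent exploitation.},
  language  = {en},
}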