Home
About Us
Research
Publications
Team
Career
News
Contact
  • EN DE

    • Publications

    We publish our research papers at a wide spectrum of venues. In addition, we aim at releasing our research results in the form of open source software projects and datasets.

    Filter by Type

    Filter by Year

    Sort by Date

      August 2021  30th USENIX Security Symposium Conference

    PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

    Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, Christian Weinert

    PDF BibTeX

    Abstract
    Apple’s offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop’s exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

      May 2021 Book

    Sicherheitskritische Mensch-Computer-Interaktion : Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement

    PDF BibTeX DOI: 10.1007/978-3-658-32795-8

    Abstract
    Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.

      May 2021  TU Darmstadt Wiesbaden Thesis

    Information Refinement Technologies for Crisis Informatics: User Expectations and Design Implications for Social Media and Mobile Apps in Crisis

    Marc-André Kaufhold

    PDF BibTeX DOI: 10.1007/978-3-658-33341-6

    Abstract
    Marc-André Kaufhold explores user expectations and design implications for the utilization of new media in crisis management and response. He develops a novel framework for information refinement, which integrates the event, organisational, societal, and technological perspectives of crises. Therefore, he reviews the state of the art on crisis informatics and empirically examines the use, potentials and barriers of both social media and mobile apps. Based on these insights, he designs and evaluates ICT concepts and artifacts with the aim to overcome the issues of information overload and quality in large-scale crises, concluding with practical and theoretical implications for technology adaptation and design.

      April 2021  IEEE Transactions on Mobile Computing Article

    Performance and Pitfalls of 60 GHz WLANs Based on Consumer-Grade Hardware

    Swentank Kumar Saha, Hany Assasa, Adrian Loch, Naveen Muralidhar Prakash, Roshan Shyamsunder, Shivang Aggarwal, Daniel Steinmetzer, Dimitrios Koutsonikolas, Joerg Widmer, Matthias Hollick

    PDF BibTeX DOI: 10.1109/TMC.2020.2967386

    Abstract
    Wireless networks operating in the 60 GHz band have the potential to provide very high throughput but face a number of challenges (e.g., high attenuation, beam training, and coping with mobility) which are widely accepted but often not well understood in practice. Understanding these challenges, and especially their actual impact on consumer-grade hardware is fundamental to fully exploit the high physical layer rates in the 60 GHz band. To this end, we perform an extensive measurement campaign using two commercial off-the-shelf 60 GHz routers in real-world environments. Our results allow us to revisit a range of issues and provide much deeper insights into the reasons for specific performance compared to prior work on performance characterization. Further, our study goes beyond basic link characterization and explores for the first time practical considerations such as coverage and access point deployment. While some of our observations are expected, we also obtain highly surprising insights that challenge the prevailing wisdom in the community. We derive the shortcomings of current commercial 60 GHz devices, and the fundamental problems that remain open on the way to fast and efficient 60 GHz networking.

      March 2021  Fachtagung Mechatronik 2021 Conference

    Entwicklung eines autonomiefokussierten hochmobilen Bodenrobotersystems für den Katastrophenschutz

    Marius Schnaubelt, Tobias Ullrich, Moritz Torchalla, Jonas Diegelmann, Matthias Hoffmann, Oskar von Stryk

    PDF BibTeX

    Abstract
    Mobile Rettungsroboter ermöglichen den menschlichen Bedienern die Bearbeitung von Aufgaben aus sicherer Entfernung in risikoreichen Umgebungen. Durch die unstrukturierte Umgebung der komplexen und vorab unbekannten Einsatzszenarien, verursacht die aktuell übliche Teleoperation der Robotersysteme eine hohe kognitive Belastung für den Roboteroperator, was schnell zur Ermüdung führt. Durch intelligente autonome Assistenzfunktionen können die Operatoren entlastet werden, wodurch die Wahrscheinlichkeit von Bedienfehlern reduziert und die Effizienz des Robotereinsatzes erhöht werden kann. Diese innovativen Assistenzfunktionen benötigen jedoch ein mechatronisches Design, dessen Anforderungen an Hard- und Software für ein effektives Gesamtsystem eng aufeinander abgestimmt und umgesetzt werden müssen. Die Entwicklung eines hochmobilen autonomiefokussierten Bodenroboters mit modularen Sensornutzlasten ermöglicht dem Operator ein umfassendes Situationsbewusstsein sowie Unterstützung bei Navigation und Manipulation. Die Evaluation des Gesamtsystems und von Einzelkomponenten analysiert die Erfüllung des Anforderungskatalogs und demonstriert so die Eignung für (semi-)autonome Rettungsrobotikeinsätze.

      2021  24th International Conference on Artificial Intelligence and Statistics Conference

    Approximately Solving Mean Field Games via Entropy-Regularized Deep Reinforcement Learning

    Kai Cui, Heinz Koeppl

    BibTeX

    Abstract
    The recent mean field game (MFG) formalism facilitates otherwise intractable computation of approximate Nash equilibria in many-agent settings. In this paper, we consider discrete-time finite MFGs subject to finite-horizon objectives. We show that all discrete-time finite MFGs with non-constant fixed point operators fail to be contractive as typically assumed in existing MFG literature, barring convergence via fixed point iteration. Instead, we incorporate entropy-regularization and Boltzmann policies into the fixed point iteration. As a result, we obtain provable convergence to approximate fixed points where existing methods fail, and reach the original goal of approximate Nash equilibria. All proposed methods are evaluated with respect to their exploitability, on both instructive examples with tractable exact solutions and high-dimensional problems where exact methods become intractable. In high-dimensional scenarios, we apply established deep reinforcement learning methods and empirically combine fictitious play with our approximations.

      2021  WiSec ‘20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    DEMO : BTLEmap : Nmap for Bluetooth Low Energy

    Alexander Heinrich, Milan Stute, Matthias Hollick

    PDF BibTeX DOI: 10.26083/tuprints-00017839

    Abstract
    The market for Bluetooth Low Energy (BLE) devices is booming and, at the same time, has become an attractive target for adversaries. To improve BLE security at large, we present BTLEmap, an auditing application for BLE environments. BTLEmap is inspired by network discovery and security auditing tools such as Nmap for IP-based networks. It allows for device enumeration, Generic Attribute Profile (GATT) service discovery, and device fingerprinting. It also features a BLE advertisement dissector, data exporter, and a user-friendly UI including a proximity view. BTLEmap currently runs on iOS and macOS using Apple’s CoreBluetooth API but also accepts alternative data inputs such as a Raspberry Pi to overcome the restricted vendor API. The open-source project is under active development and will provide more advanced capabilities such as long-term device tracking (in spite of MAC address randomization) in the future.

      2021  30th USENIX Security Symposium Conference

    Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

    Milan Stute, Alexander Heinrich, Jannik Lorenz, Matthias Hollick

    PDF BibTeX

    Abstract
    Apple controls one of the largest mobile ecosystems, with 1.5 billion active devices worldwide, and offers twelve proprietary wireless Continuity services. Previous works have unveiled several security and privacy issues in the involved protocols. These works extensively studied AirDrop while the coverage of the remaining vast Continuity service space is still low. To facilitate the cumbersome reverse-engineering process, we describe the first guide on how to approach a structured analysis of the involved protocols using several vantage points available on macOS. Also, we develop a toolkit to automate parts of this otherwise manual process. Based on this guide, we analyze the full protocol stacks involved in three Continuity services, in particular, Handoff (HO), Universal Clipboard (UC), and Wi-Fi Password Sharing (PWS). We discover several vulnerabilities spanning from Bluetooth Low Energy (BLE) advertisements to Apple’s proprietary authentication protocols. These flaws allow for device tracking via HO’s mDNS responses, a denial-of-service (DoS) attack on HO and UC, a DoS attack on PWS that prevents Wi-Fi password entry, and a machine-in-the-middle (MitM) attack on PWS that connects a target to an attacker-controlled Wi-Fi network. Our PoC implementations demonstrate that the attacks can be mounted using affordable off-the-shelf hardware ($20 micro:bit and a Wi-Fi card). Finally, we suggest practical mitigations and share our findings with Apple, who have started to release fixes through iOS and macOS updates.

      November 2020  45th Local Computer Networks Symposium on Emerging Topics in Networking Conference

    Topology-aware Path Planning for In-Transit Coverage of Aerial Post-Disaster Communication Assistance Systems

    Julian Zobel, Benjamin Becker, Ralf Kundel, Patrick Lieser, Ralf Steinmetz

    BibTeX DOI: 10.1109/LCNSymposium50271.2020.9363268

    Abstract
    The increase in natural disasters that impair and destroy communication infrastructure over the last years simultaneously increased the importance of infrastructure-independent ad hoc communication. Especially delay-tolerant networks (DTNs) are able to provide basic communication functionality for civilians, but performance suffers from a typically highly intermittent network with clusters around important locations like shelters. Small Unmanned Aerial Vehicles (UAVs) have proven to be efficient data ferries between clusters, but they require knowledge of cluster locations and also do not cover network nodes in transit between clusters. These in-transit nodes are therefore disconnected from the network for a long time and might miss critical messages like evacuation notices or hazard warnings. This paper provides two contributions for UAV-assisted post-disaster DTN communication. First, we present a novel approach to estimate the location of dynamically changing clusters in a post-disaster scenario. Second, we introduced a topology-aware path planning approach for UAV data ferry flights, covering in-transit node on their way between clusters. Our evaluation results highlight the quality requirements on topology information for an efficient application of Aerial Post-Disaster Communication Assistance Systems and demonstrate the positive impact of in-transit node coverage on the DTN’s communication performance.

      November 2020  Proceedings of the ACM on Programming Languages Article

    Rethinking Safe Consistency in Distributed Object-Oriented Programming

    Mirko Köhler, Nafise Eskandani, Pascal Weisenburger, Alessandro Margara, Guido Salvaneschi

    BibTeX DOI: 10.1145/3428256

    Abstract
    Large scale distributed systems require to embrace the trade off between consistency and availability, accepting lower levels of consistency to guarantee higher availability. Existing programming languages are, however, agnostic to this compromise, resulting in consistency guarantees that are the same for the whole application and are implicitly adopted from the middleware or hardcoded in configuration files. In this paper, we propose to integrate availability in the design of an object-oriented language, allowing developers to specify different consistency and isolation constraints in the same application at the granularity of single objects. We investigate how availability levels interact with object structure and define a type system that preserves correct program behavior. Our evaluation shows that our solution performs efficiently and improves the design of distributed applications.

      September 2020  Proceedings of the 14th International Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization Conference

    Hardware-Accelerated Real-Time Stream Data Processing on Android with GNU Radio

    Bastian Bloessl, Lars Baumgärtner, Matthias Hollick

    PDF BibTeX DOI: 10.1145/3411276.3412184

    Abstract
    With the ever-increasing performance of smartphones and tablets, they become viable platforms for applications that were, in the past, only possible on desktops or laptops. In this paper, we study their applicability for real-time stream-data processing, which is particularly interesting for Software Defined Radio (SDR) applications, enabling wireless measurement and experimentation campaigns on mobile platforms. To this end, we port GNU Radio, a state-of-theart, open source, real-time stream-data processing framework, to Android and evaluate its performance. We show that it is possible to fully benefit from available accelerators, i.e., Single Instruction Multiple Data (SIMD) and the Graphics Processing Unit (GPU), which provide considerable speedups and allow for efficient implementations. As a general-purpose real-time data processing framework, GNU Radio can provide the base for a wide range of applications. To demonstrate its flexibility, we provide example applications that implement FM and Wireless LAN (WLAN). Our toolchain is published as open source software, thus serving as an enabler for highly mobile SDR applications.

      August 2020  Datenschutz und Datensicherheit (DuD) Article

    Datensicherheit von Corona-Apps nach der DSGVO

    Tim Grube, Alexander Heinrich, Jan-Philipp Stroscher, Sabrina Schomberg

    BibTeX DOI: 10.1007/s11623-020-1314-0

    Abstract
    Der Beitrag analysiert die Protokolle der Konsortien DP-3T und PEPP-PT aus technischer Perspektive und grenzt diese voneinander ab. Zudem wird die technische Ausgestaltung der Entwicklerschnittstelle (API) von Google und Apple dargestellt. Aufbauend darauf erfolgt eine rechtliche Beurteilung der sich aus Art. 5 Abs. 1 lit. f, 25, 32 DSGVO ergebenden und die Datensicherheit betreffenden Kriterien und deren konkrete Umsetzung in den Protokollen.

      July 2020  WiSec 2020: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication

    Florentin Putz, Flor Álvarez, Jiska Classen

    PDF BibTeX DOI: 10.1145/3395351.3399420

    Abstract
    Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate devices. This requires a common hardware interface, which limits the use of existing SDP systems. We propose to use short-range acoustic communication for the initial pairing. Audio hardware is commonly available on existing off-the-shelf devices and can be accessed from user space without requiring firmware or hardware modifications. We improve upon previous approaches by designing Acoustic Integrity Codes (AICs): a modulation scheme that provides message authentication on the acoustic physical layer. We analyze their security and demonstrate that we can defend against signal cancellation attacks by designing signals with low autocorrelation. Our system can detect overshadowing attacks using a ternary decision function with a threshold. In our evaluation of this SDP scheme’s security and robustness, we achieve a bit error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on Android smartphones, we demonstrate pairing between different smartphone models.

      June 2020  International Journal of Disaster Risk Reduction (IJDRR) Article

    Emergency Service Staff and Social Media – A Comparative Empirical Study of the Perception by Emergency Services Members in Europe in 2014 and 2017

    Christian Reuter, Marc-André Kaufhold, Fabian Spahr, Thomas Spielhofer, Anna Sophie Hahne

    PDF BibTeX DOI: 10.1016/j.ijdrr.2020.101516

    Abstract
    Finding a way to ensure an effective use of social media has become increasingly important to emergency services over the past decade. Despite all efforts to determine the utility of social media for emergency organisations, it is necessary to benefit from such institutions’ staffs’ opinions to establish effective use. To provide empirical evidence we present a comparison of two surveys, conducted across Europe with emergency services in 2014 and 2017 respectively, with a total of 1169 answers. The analysis shows that personal experience has an effect on how organisational usage of social media is perceived and how emergency service staff view the future use of social media. Furthermore, the use has increased. This article not only shows emergency services what their staff think about their social media usage but also discusses challenges and future directions for the design of systems that can be useful for further development of optimized organisational social media usage.

      June 2020  International Journal of Mechanics and Control Article

    Optimization-Based Planning for Autonomous Traversal of Obstacles with Mobile Ground Robots

    Martin Oehler, Stefan Kohlbrecher, Oskar von Stryk

    BibTeX

    Abstract
    Mobile robotic platforms which are traversing unstructured environments with challenging uneven terrain are permanently endangered of falling over. Previous research on trajectory planning methods for the prevention of vehicle tip-over is mostly limited to basic mobility systems with only few degrees of freedom (DOF). This paper proposes a novel optimization-based planning approach that enables mobile robots to autonomously traverse obstacles and rough terrain more safely. A 3D world model as provided from external sensors like Lidar is used to compute a whole-body motion plan in advance by optimizing the trajectories of each joint. Active flipper tracks maximize ground contact for improved traction and, if available, manipulator arm joints are used to further improve stability metrics. Additional constraints prevent collisions with the environment and the robot itself. The presented approach makes only few assumptions about the robot’s configuration and is applicable to a wide range of wheeled or tracked platforms. This is demonstrated by experimental evaluation for two different robots in simulation and for one physical robot. In four different test scenarios it is shown, that the proposed approach effectively prevents vehicle tip-over during traversal of uneven ground.

      May 2020  28th European Conference on Information Systems Conference

    Warning the Public: A Survey on Attitudes, Expectations and Use of Mobile Crisis Apps in Germany

    Marc-André Kaufhold, Jasmin Haunschild, Christian Reuter

    PDF BibTeX

    Abstract
    As part of information systems, the research field of crisis informatics increasingly investigates the potentials and limitations of mobile crisis apps, which constitute a relatively new public service for citizens and are specifically designed for the dissemination of disaster‐related information and communication between authorities, organizations and citizens. While existing crisis apps, such as KATWARN or NINA in Germany, focus on preparatory information and warning functionality, there is a need for apps and research on police-related functionality, such as information on cybercrime, fraud offences, or search for missing persons. Based on a workshop with civil protection (N=12) and police officers (N=15), we designed a questionnaire and conducted a representative survey of German citizens (N=1.219) on the past, current and future use, perceived helpfulness, deployment and behavioural preferences, configurability and most important functionality of mobile crisis apps. Our results indicate that in addition to emergency and weather warnings, crime- and health-related warnings are also desired by many, as is the possibility for bidirectional communication. People also want one central app and are resistant to installing more than one crisis app. Furthermore, there are few significant differences between socioeconomic groups.

      May 2020  17th International Conference on Information Systems for Crisis Response and Management (ISCRAM 2020) Conference

    LoRa-based Device-to-Device Smartphone Communication for Crisis Scenarios

    Jonas Höchst, Lars Baumgärtner, Franz Kuntke, Alvar Penning, Artur Sterz, Bernd Freisleben

    PDF BibTeX

    Abstract
    In this paper, we present an approach to facilitate long-range device-to-device communication via smartphones in crisis scenarios. Through a custom firmware for low-cost LoRa capable micro-controller boards, called rf95modem, common devices for end users can be enabled to use LoRa through a Bluetooth, Wi-Fi, or serial connection. We present two applications utilizing the flexibility provided by the proposed firmware. First, we introduce a novel device-to-device LoRa chat application that works a) on the two major mobile platforms Android and iOS and b) on traditional computers like notebooks using a console-based interface. Second, we demonstrate how other infrastructure-less technology can benefit from our approach by integrating it into the DTN7 delay-tolerant networking software. The firmware, the device-to-device chat application, the integration into DTN7, as well as the experimental evaluation code fragments are available under permissive open-source licenses.

      April 2020  Proceedings of the International Conference on Wirtschaftsinformatik (WI) Conference

    Sticking with Landlines? Citizens’ Use and Perception of Social Media in Emergencies and Expectations Towards Emergency Services in Germany

    Jasmin Haunschild, Marc-André Kaufhold, Christian Reuter

    BibTeX DOI: 10.30844/wi_2020_o2-haunschild

    Abstract
    Crisis informatics has examined the use, potentials and weaknesses of social media in emergencies across different events (e.g., man-made, natural or hybrid), countries and heterogeneous participants (e.g., citizens or emergency services) for almost two decades. While most research analyzes specific cases, few studies have focused on citizens’ perceptions of different social media platforms in emergencies using a representative sample. Basing our questionnaire on a workshop with police officers, we present the results of a representative study on citizens’ perception of social media in emergencies that we conducted in Germany. Our study suggests that when it comes to emergencies, socio-demographic differences are largely insignificant and no clear preferences for emergency services’ social media strategies exist. Due to the widespread searching behavior on some platforms, emergency services can reach a wide audience by turning to certain channels but should account for groups with distinct preferences.

      April 2020  2020 CHI Conference on Human Factors in Computing Systems Conference

    Walk The Line: Leveraging Lateral Shifts of the Walking Path as an Input Modality for Head-Mounted Displays

    Florian Müller, Martin Schmitz, Daniel Schmitt, Sebastian Günther, Markus Funk, Max Mühlhäuser

    BibTeX DOI: 10.1145/3313831.3376852

    Abstract
    Recent technological advances have made head-mounted displays (HMDs) smaller and untethered, fostering the vision of ubiquitous interaction in a digitally augmented physical world. Consequently, a major part of the interaction with such devices will happen on the go, calling for interaction techniques that allow users to interact while walking. In this paper, we explore lateral shifts of the walking path as a hands-free input modality. The available input options are visualized as lanes on the ground parallel to the user’s walking path. Users can select options by shifting the walking path sideways to the respective lane. We contribute the results of a controlled experiment with 18 participants, confirming the viability of our approach for fast, accurate, and joyful interactions. Further, based on the findings of the controlled experiment, we present three example applications.

      March 2020  Technische Universität Darmstadt Thesis

    Secure device-to-device communication for emergency response

    Flor Álvarez

    PDF BibTeX DOI: 10.25534/tuprints-00011486

    Abstract
    Mobile devices have the potential to make a significant impact during disasters. However, their practical impact is severely limited by the loss of access to mobile communication infrastructure: Precisely, when there is a surge in demand for communications from people in a disaster zone, this capacity for communications is severely curtailed. This loss of communications undermines the effectiveness of the many recent innovations in the use of smartphones and similar devices to mitigate the effects of disasters. While various solutions have been proposed, e. g., by having handsets form wireless ad hoc networks, none are complete: Some are specific to certain mobile operating systems or operating system versions. Others result in unacceptably increased energy consumption, flattening the batteries of phones at a time when users need to conserve energy due to the loss of access to opportunities to recharge their mobile devices. Realistic user behaviour, including patterns of movement and communications, are also rarely addressed. Further, security is rarely considered in a comprehensive and satisfying manner, leaving users exposed to a variety of potential attacks. Thus there is a compelling need to find more effective solutions for communications, energy management, and security of mobile devices operating in disaster conditions. To address these shortcomings, this thesis provides a suite of comprehensive solutions that contribute to facilitate secure device-to-device communication for emergency response. This thesis works to solve these problems by: (i) Conducting a large-scale field-trial to understand and analyze civilians’ behaviour during disaster scenarios; (ii) Proposing a practical, lightweight scheme for bootstrapping device-to-device security, that is tailored for local urban operations representative of disaster scenarios; (iii) Realizing novel energy management strategies for the neighbour discovery problem, which deliver significant energy savings in return for only a minimal reduction in neighbour discovery efficiency; (iv) The description of novel concepts for using devices in a smart city environment that remain functional following a disaster to support communications among mobile devices. In short, this thesis adds considerably to the understanding of the difficulties in the formation of direct device-to-device communications networks composed primarily of civilians’ mobile devices, and how several facets of this problem can be mitigated. Several of the proposed enhancements are also implemented. Thus, this thesis also takes essential steps in the direction of realizing such solutions to demonstrate their feasibility on real devices, intending to improve the tools available to civilians post-disaster.

      February 2020  The Art, Science, and Engineering of Programming Article

    Implementing a Language for Distributed Systems: Choices and Experiences with Type Level and Macro Programming in Scala

    Pascal Weisenburger, Guido Salvaneschi

    PDF BibTeX DOI: 10.22152/programming-journal.org/2020/4/17

    Abstract
    Multitier programming languages reduce the complexity of developing distributed systems by developing the distributed system in a single coherent code base. The compiler or the runtime separate the code for the components of the distributed system, enabling abstraction over low level implementation details such as data representation, serialization and network protocols. Our ScalaLoci language allows developers to declare the different components and their architectural relation at the type level, allowing static reasoning about about distribution and remote communication and guaranteeing static type safety across components. The compiler splits the multitier program into the component-specific code and automatically generates the communication boilerplate. Communication between components can be modeled by declaratively specifying data flows between components using reactive programming. In this paper, we report on the implementation of our design and our experience with embedding our language features into Scala as a host language. We show how a combination of Scala’s advanced type level programming and its macro system can be used to enrich the language with new abstractions. We comment on the challenges we encountered and the solutions we developed for our current implementation and outline suggestions for an improved macro system to support the such use cases of embedding of domain-specific abstractions.

      February 2020  Embedded Wireless Systems and Networks (EWSN) Conference

    Improving the Reliability of Bluetooth Low Energy Connections

    Michael Spörk, Jiska Classen, Carlo Alberto Boano, Matthias Hollick, Kay Römer

    PDF BibTeX

    Abstract
    o sustain a reliable data exchange, applications based on Bluetooth Low Energy (BLE) need to effectively blacklist channels and adapt the physical mode of an active connection at runtime. Although the BLE specification foresees the use of these two mechanisms, their implementation is left up to the radio vendors and has not been studied in detail yet. This paper fills this gap: we first investigate experimentally how to assess the quality of a BLE connection at runtime using information gathered from the radio. We then show how this information can be used to promptly blacklist poor channels and select a physical mode that sustains a high link-layer reliability while minimizing power consumption. We implement both mechanisms on two popular platforms and show experimentally that they allow to significantly improve the reliability of BLE connections, with a reduction in packet loss by up to 22 % compared to existing solutions.

      February 2020  Technische Universität Darmstadt Thesis

    Availability by Design: Practical Denial-of-Service-Resilient Distributed Wireless Networks

    Milan Stute

    PDF BibTeX DOI: 10.25534/tuprints-00011457

    Abstract
    Distributed wireless networks (DWNs) where devices communicate directly without relying on Internet infrastructure are on the rise, driving new applications and paradigms such as multimedia, authentication, payment, Internet of things (IoT), vehicular communication, and emergency response. However, the increased societal reliance on technology and the resulting “always-on” expectations of the users increase the risk of denial-of-service (DoS) attacks as they can leverage disruption in new ways beyond extortions (ransomware) that are common in today’s Internet ecosystem. These new risks extend to our physical world, directly impacting our daily lives, e.g., by being locked out of a smart home or by disrupting vehicular collision avoidance systems. As a research community, we need to protect those new applications that—as we find—can be mapped to a total of three distinct networking scopes: neighbor, island, and archipelago. In this thesis, we advance the field in each of these scopes. First, we analyze two proprietary neighbor communication protocols, Apple Wireless Direct Link (AWDL) and Apple AirDrop, that are deployed on more than 1.4 billion devices worldwide. During the process, we uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a machine-in-the-middle (MitM) attack on AirDrop, a DoS attack on AWDL preventing communication, and DoS attacks enabling crashing of neighboring devices. In addition, we found privacy leaks that enable user identification and long-term tracking. All attacks can be mounted using low-cost off-the-shelf hardware. In total, we disclose eight distinct vulnerabilities that we mitigate in collaboration with Apple. Second, we design and implement a new island communication protocol tailored to IoT scenarios, which provides provable protections against previously neglected risks such as wormhole- and replay-supported greyhole attacks. We support our analytical findings with testbed experiments. Third, we propose an archipelago-scope communication framework for emergencies that achieves resiliency against flooding and Sybil attacks. We evaluate our design using an original expert knowledge-based simulation that models human mobility during the aftermath of the 2013 Typhoon Haiyan in the Philippines. Finally, and to nourish future research, we provide a guide for analyzing Apple’s wireless ecosystem and publish several software artifacts, including an AWDL Wireshark dissector, open AWDL and AirDrop implementations, a prototype of our IoT communication protocol, and our natural disaster mobility model.

      January 2020  Information Processing & Management Article

    Rapid relevance classification of social media posts in disasters and emergencies: A system and evaluation featuring active, incremental and online learning

    Marc-André Kaufhold, Markus Bayer, Christian Reuter

    BibTeX DOI: 10.1016/j.ipm.2019.102132

    Abstract
    The research field of crisis informatics examines, amongst others, the potentials and barriers of social media use during disasters and emergencies. Social media allow emergency services to receive valuable information (e.g., eyewitness reports, pictures, or videos) from social media. However, the vast amount of data generated during large-scale incidents can lead to issue of information overload. Research indicates that supervised machine learning techniques are sui- table for identifying relevant messages and filter out irrelevant messages, thus mitigating in- formation overload. Still, they require a considerable amount of labeled data, clear criteria for relevance classification, a usable interface to facilitate the labeling process and a mechanism to rapidly deploy retrained classifiers. To overcome these issues, we present (1) a system for social media monitoring, analysis and relevance classification, (2) abstract and precise criteria for re- levance classification in social media during disasters and emergencies, (3) the evaluation of a well-performing Random Forest algorithm for relevance classification incorporating metadata from social media into a batch learning approach (e.g., 91.28%/89.19% accuracy, 98.3%/89.6% precision and 80.4%/87.5% recall with a fast training time with feature subset selection on the European floods/BASF SE incident datasets), as well as (4) an approach and preliminary eva- luation for relevance classification including active, incremental and online learning to reduce the amount of required labeled data and to correct misclassifications of the algorithm by feed- back classification. Using the latter approach, we achieved a well-performing classifier based on the European floods dataset by only requiring a quarter of labeled data compared to the tradi- tional batch learning approach. Despite a lesser effect on the BASF SE incident dataset, still a substantial improvement could be determined.

      2020  IEEE Internet of Things Journal Article

    LIDOR : A Lightweight DoS-Resilient Communication Protocol for Safety-Critical IoT Systems

    Milan Stute, Pranay Agarwal, Abhinav Kumar, Arash Asadi, Matthias Hollick

    PDF BibTeX DOI: 10.25534/tuprints-00013320

    Abstract
    IoT devices penetrate different aspects of our life including critical services, such as health monitoring, public safety, and autonomous driving. Such safety-critical IoT systems often consist of a large number of devices and need to withstand a vast range of known Denial-of-Service (DoS) network attacks to ensure a reliable operation while offering low-latency information dissemination. As the first solution to jointly achieve these goals, we propose LIDOR, a secure and lightweight multihop communication protocol designed to withstand all known variants of packet dropping attacks. Specifically, LIDOR relies on an end-to-end feedback mechanism to detect and react on unreliable links and draws solely on efficient symmetric-key cryptographic mechanisms to protect packets in transit. We show the overhead of LIDOR analytically and provide the proof of convergence for LIDOR which makes LIDOR resilient even to strong and hard-to-detect wormhole-supported grayhole attacks. In addition, we evaluate the performance via testbed experiments. The results indicate that LIDOR improves the reliability under DoS attacks by up to 91% and reduces network overhead by 32% compared to a state-of-the-art benchmark scheme.

      2020  International Journal of Disaster Risk Reduction Article

    Empirical insights for designing Information and Communication Technology for International Disaster Response

    Milan Stute, Max Maass, Tom Schons, Marc-André Kaufhold, Christian Reuter, Matthias Hollick

    PDF BibTeX DOI: 10.25534/tuprints-00013309

    Abstract
    Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.

      2020  Disaster Research Days 2020 - Konferenzband Conference

    Politische Naturkatastrophen - Wie Ideologien den Umgang mit Hochwasser prägten

    Nadja Thiessen

    BibTeX

    Abstract
    Die Bewältigung von Krisen und Katastrophen weist stets auch eine politische Dimension auf. Exemplarisch lässt sich dies für das 20. Jahrhundert in Deutschland und den dortigen Umgang mit Flusshochwassern nachweisen. In den ausgewählten Fallstädten Mannheim und Dresden konnte zwar ein konstanter Bewältigungskreislauf im städtischen Hochwasserschutz identifiziert werden, wenn dieser jedoch in seinen historischen Kontext gesetzt wird, offenbaren sich Unterschiede. Sie können vor allem auf die verschiedenen politischen Rahmenbedingungen wie Staatsform und vorherrschende Ideologie zurückgeführt werden. Im folgenden Beitrag werden die Einflüsse historischer autoritärer Regime, insbesondere des Nationalsozialismus und der DDR, den demokratischen Systemen gegenübergestellt.

      2020  2020 CHI Conference on Human Factors in Computing Systems (CHI ‘20) Conference

    Podoportation: Foot-Based Locomotion in Virtual Reality

    Julius von Willich, Martin Schmitz, Florian Müller, Daniel Schmitt, Max Mühlhäuser

    BibTeX DOI: dx.10.1145/3313831.3376626

    Abstract
    Virtual Reality (VR) allows for infinitely large environments. However, the physical traversable space is always limited by real-world boundaries. This discrepancy between physical and virtual dimensions renders traditional locomotion methods used in real world unfeasible. To alleviate these limitations, research proposed various artificial locomotion concepts such as teleportation, treadmills, and redirected walking. However, these concepts occupy the user’s hands, require complex hardware or large physical spaces. In this paper, we contribute nine VR locomotion concepts for foot-based and hands-free locomotion, relying on the 3D position of the user’s feet and the pressure applied to the sole as input modalities. We evaluate our concepts and compare them to state-of-the-art point & teleport technique in a controlled experiment with 20 participants. The results confirm the viability of our approaches for hands-free and engaging locomotion. Further, based on the findings, we contribute a wireless hardware prototype implementation.

      November 2019  ASE2019 Conference

    Automated Refactoring to Reactive Programming

    Mirco Köhler, Guido Salvaneschi

    PDF BibTeX DOI: 10.1109/ASE.2019.00082

    Abstract
    Reactive programming languages and libraries, such as ReactiveX, have been shown to significantly improve software design and have seen important industrial adoption over the last years. Asynchronous applications – which are notoriously error-prone to implement and to maintain – greatly benefit from reactive programming because they can be defined in a declarative style, which improves code clarity and extensibility. In this paper, we tackle the problem of refactoring existing code bases that are designed using traditional abstractions for asynchronous programming. We propose 2Rx, a refactoring tool to automatically convert asynchronous code to reactive programming. Our evaluation on top-starred GitHub projects shows that 2Rx is effective with the most common asynchronous constructs, covering ~94.7% of the projects with asynchronous computations, and it can provide a refactoring for ~91.7% of their occurrences.

      October 2019  2019 IEEE Global Humanitarian Technology Conference (GHTC 2019) Conference

    Smart Street Lights and Mobile Citizen Apps for Resilient Communication in a Digital City

    Lars Baumgärtner, Jonas Höchst, Patrik Lampe, Ragnar Mogk, Artur Sterz, Pascal Weisenburger, Mira Mezini, Bernd Freisleben

    BibTeX

    Abstract
    Currently, nearly four billion people live in urban areas. Since this trend is increasing, natural disasters or terrorist attacks in such areas affect an increasing number of people. While information and communication technology is crucial for the operation of urban infrastructures and the well-being of its inhabitants, current technology is quite vulnerable to disruptions of various kinds. In future smart cities, a more resilient urban infrastructure is imperative to handle the increasing number of hazardous situations. We present a novel resilient communication approach based on smart street lights as part of the public infrastructure. It supports people in their everyday life and adapts its functionality to the challenges of emergency situations. Our approach relies on various environmental sensors and in-situ processing for automatic situation assessment, and a range of communication mechanisms (e.g., public WiFi hotspot functionality and mesh networking) for maintaining a communication network. Furthermore, resilience is not only achieved based on infrastructure deployed by a digital city’s municipality, but also based on integrating citizens through software that runs on their mobile devices (e.g., smartphones and tablets). Web-based zero-installation and platform-agnostic apps can switch to device-to-device communication to continue benefiting people even during a disaster situation. Our approach, featuring a covert channel for professional responders and the zero-installation app, is evaluated through a prototype implementation based on a commercially available street light.

      October 2019  13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH ’19) Conference

    Free Your CSI: A Channel State Information Extraction Platform For Modern Wi-Fi Chipsets

    Francesco Gringoli, Matthias Schulz, Jakob Link, Matthias Hollick

    PDF BibTeX DOI: 10.1145/3349623.3355477

    Abstract
    Modern wireless transmission systems heavily benefit from knowing the channel response. The evaluation of Channel State Information (CSI) during the reception of a frame preamble is fundamental to properly equalizing the rest of the transmission at the receiver side. Reporting this state information back to the transmitter facilitates mechanisms such as beamforming and MIMO, thus boosting the network performance. While these features are an integral part of standards such as 802.11ac, accessing CSI data on commercial devices is either not possible, limited to outdated chipsets or very inflexible. This hinders the research and development of innovative CSI-dependent techniques including localization, object tracking, and interference evaluation. To help researchers and practitioners, we introduce the nexmon CSI Extractor Tool. It allows per-frame CSI extraction for up to four spatial streams using up to four receive chains on modern Broadcom and Cypress Wi-Fi chips with up to 80MHz bandwidth in both the 2.4 and 5GHz bands. The tool supports devices ranging from the low-cost Raspberry Pi platform, over mobile platforms such as Nexus smartphones to state-of-the-art Wi-Fi APs. We release all tools and Wi-Fi firmware patches as extensible open source project. It includes our user-friendly smartphone application to demonstrate the CSI extraction capabilities in form of a waterfall diagram.

      October 2019  18th International Conference on Ad Hoc Networks and Wireless (ADHOC-NOW 2019) Conference

    DTN7: An Open-Source Disruption-tolerant Networking Implementation of Bundle Protocol 7

    Alvar Penning, Lars Baumgärtner, Jonas Höchst, Artur Sterz, Mira Mezini, Bernd Freisleben

    PDF BibTeX

    Abstract
    In disruption-tolerant networking (DTN), data is transmitted in a store-carry-forward fashion from network node to network node. In this paper, we present an open source DTN implementation, called DTN7, of the recently released Bundle Protocol Version 7 (draft version 13). DTN7 is written in Go and provides features like memory safety and concurrent execution. With its modular design and interchangeable components, DTN7 facilitates DTN research and application development. Furthermore, we present results of a comparative experimental evaluation of DTN7 and other DTN systems including Serval, IBR-DTN, and Forban. Our results indicate that DTN7 is a flexible and efficient open-source multi-platform implementation of the most recent Bundle Protocol Version 7.

      October 2019  44th IEEE Conference on Local Computer Networks (LCN 2019) Conference

    OPPLOAD: Offloading Computational Workflows in Opportunistic Networks

    Artur Sterz, Lars Baumgärtner, Jonas Höchst, Patrick Lampe, Bernd Freisleben

    BibTeX

    Abstract
    Computation offloading is often used in mobile cloud computing, edge computing, and/or fog computing to cope with resource limitations of mobile devices in terms of computational power, storage, and energy. Computation offloading is particularly challenging in situations where network connectivity is periodic, intermittent, or error-prone. In this paper, we present OPPLOAD, a novel framework designed for offloading computational workflows in opportunistic networks that provide support for communication in such situations. The individual tasks forming a workflow can be assigned to particular remote execution platforms, called workers, either preselected ahead of time or decided just in time where a matching worker will automatically be assigned for the next task in the workflow. Workers announce their capabilities, i.e., tasks are only assigned to capable workers. Furthermore, tasks of a workflow can be executed on multiple workers that are automatically selected to balance the overall load. OPPLOAD also offers the ability to handle several types of error and exceptions appropriately. Our Python implementation of OPPLOAD, which uses the Serval Mesh to handle networking and routing, is publicly available as open source software. The results of our experimental evaluation demonstrate the feasibility of our approach.

      October 2019  44th IEEE Conference on Local Computer Networks (LCN) Conference

    Multi-Strategy Simulation of Aerial Post-Disaster Ad Hoc Communication Support Systems

    Julian Zobel, Patrick Lieser, Ralf Steinmetz

    PDF BibTeX

    Abstract
    In case of destroyed or impaired infrastructure due to natural catastrophes, mobile devices such as smartphones can be used to create civilian ad hoc networks to provide basic means of communication. Due to the human behavior to form groups and cluster around significant locations in such situations, however, the network is often heavily intermittent, and thus, communication between clusters is impossible. Aerial Post-Disaster Ad Hoc Communication Support Systems can overcome the gaps between clusters, but the performance is highly dependent on factors like the applied strategy, the amount of UAVs, or their technical specifications. In this demonstration, we present different support strategies in an urban post-disaster scenario. Attendees can interact and select strategies and explore different strategy parameter settings, while observing the effect on the network performance and, additionally, gaining a comprehensive insight into the strategy behavior. The interaction with the demonstration underlines the vast amount of different settings and influence factors, an aerial system operator must take into account when selecting and adapting a strategy suitable for the current situation, as motivated in our accompanying main conference pape ZLD+19.

      August 2019  2019 World Congress on Resilience, Reliability and Asset Management (WCRRAM) Conference

    The Emergency Responsive Digital City

    Matthias Hollick, Anne Hofmeister, Jens Ivo Engels, Bernd Freisleben, Gerrit Hornung, Anja Klein, Michèle Knodt, Imke Lorenz, Max Mühlhäuser, Peter Pelz, Annette Rudolph-Cleff, Ralf Steinmetz, Florian Steinke, Oskar von Stryk

    BibTeX

      2019  Proceedings of the ACM on Programming Languages Article

    A Fault-Tolerant Programming Model for Distributed Interactive Applications

    Ragnar Mogk, Joscha Drechsler, Guido Salvaneschi, Mira Mezini

    PDF BibTeX DOI: 10.25534/tuprints-00014554

    Abstract
    Ubiquitous connectivity of web, mobile, and IoT computing platforms has fostered a variety of distributed applications with decentralized state. These applications execute across multiple devices with varying reliability and connectivity. Unfortunately, there is no declarative fault-tolerant programming model for distributed interactive applications with an inherently decentralized system model. We present a novel approach to automating fault tolerance using high-level programming abstractions tailored to the needs of distributed interactive applications. Specifically, we propose a calculus that enables formal reasoning about applications’ dataflow within and across individual devices. Our calculus reinterprets the functional reactive programming model to seamlessly integrate its automated state change propagation with automated crash recovery of device-local dataflow and disconnection-tolerant distribution with guaranteed automated eventual consistency semantics based on conflict-free replicated datatypes. As a result, programmers are relieved of handling intricate details of distributing change propagation and coping with distribution failures in the presence of interactivity. We also provides proofs of our claims, an implementation of our calculus, and an empirical evaluation using a common interactive application.

      2019  Proceedings of the ACM on Programming Languages Article

    Language-Integrated Privacy-Aware Distributed Queries

    Guido Salvaneschi, Mirko Köhler, Daniel Sokolowski, Philipp Haller, Sebastian Erdweg, Mira Mezini

    PDF BibTeX DOI: 10.25534/tuprints-00014553

    Abstract
    Distributed query processing is an effective means for processing large amounts of data. To abstract from the technicalities of distributed systems, algorithms for operator placement automatically distribute sequential data queries over the available processing units. However, current algorithms for operator placement focus on performance and ignore privacy concerns that arise when handling sensitive data. We present a new methodology for privacy-aware operator placement that both prevents leakage of sensitive information and improves performance. Crucially, our approach is based on an information-flow type system for data queries to reason about the sensitivity of query subcomputations. Our solution unfolds in two phases. First, placement space reduction generates deployment candidates based on privacy constraints using a syntax-directed transformation driven by the information-flow type system. Second, constraint solving selects the best placement among the candidates based on a cost model that maximizes performance. We verify that our algorithm preserves the sequential behavior of queries and prevents leakage of sensitive data. We implemented the type system and placement algorithm for a new query language SecQL and demonstrate significant performance improvements in benchmarks.

    Software and Tools

    DTN7-go

    In disruption-tolerant networking (DTN), data is transmitted in a store-carry-forward fashion from network node to network node. We are presenting free and open source DTN implementations of the recently released Bundle Protocol Version 7. DTN7-go is written in Go and provides features like memory safety and concurrent execution.

    Source Code Project Website

    DTN7-rs

    Rust implementation of a daemon for DTN7 Bundle Protocol draft.

    Source Code Buschfunk Project

    OpenDrop

    OpenDrop is a command-line tool written in Python that allows sharing files between devices directly over Wi-Fi. Its unique feature is that it is protocol-compatible with Apple AirDrop which allows to share files with Apple devices running iOS and macOS.

    Source Code Python Package Project Website

    OWL

    Open Wireless Link (OWL) is an open implementation of the Apple Wireless Direct Link (AWDL) ad hoc protocol for Linux and macOS written in C.

    Source Code Project Website

    OpenHaystack

    OpenHaystack is a framework for tracking personal Bluetooth devices via Apple’s massive Find My network. Use it to create your own tracking tags that you can append to physical objects (keyrings, backpacks, …) or integrate it into other Bluetooth-capable devices such as notebooks.

    Source Code Project Website

    ChirPOTLE

    ChirpOTLE is a practical LoRaWAN security evaluation framework that provides tools for the deployment and management of a LoRa testbed based on COTS hardware. It allows managing LoRa field nodes from a central controller and to orchestrate experiments and tests using a Python 3 interface.

    Source Code Project Description