Home
About Us
Research
Publications
Team
Career
News
Contact
  • EN DE

    • Publications

    We publish our research papers at a wide spectrum of venues. In addition, we aim at releasing our research results in the form of open source software projects and datasets.

    Filter by Type

    Filter by Year

    Sort by Date

      July 2022  Academy of Management Proceedings Article

    Flip the Tweet - The Two-Sided Coin of Entrepreneurial Empathy

    Carolin Bock, Konstantin Kurz

    PDF BibTeX

    Abstract
    Is empathy merely a good thing for entrepreneurs? In contrast to the hitherto predominantly positive view in entrepreneurship literature, psychology and management scholars have recently adopted a more critical perspective. Transferring their findings, we provide a novel “too-much-of-a-good-thing” perspective on entrepreneurial empathy. We test our model against a dataset of 4,725 real entrepreneurs and demonstrate that empathy influences opportunity recognition, evaluation and exploitation in an inverted U-shaped pattern. We also show that these exploited opportunities then lead to higher amounts of achieved financial resources. These findings provide strong evidence for considering entrepreneurial empathy an important but highly ambiguous success factor.

      May 2022  22nd Power Systems Computation Conference (PSCC 2022) Conference

    The Water Energy Nexus: Improved Emergency Grid Restoration with DERs

    Martin Pietsch, Florian Steinke

    PDF BibTeX

    Abstract
    Water networks as critical infrastructures typically feature emergency electricity generators for bridging short power blackouts. We propose to combine these black start capable generators with available distributed energy resources (DERs) in the power grid, often photovoltaic generation, to jointly restore both the electricity and the water grid after blackouts. This is mutually beneficial for both networks since common grid- following inverters of DERs cannot supply power without a grid- forming nucleus. We model both grids as a coupled graph and formulate a stochastic mixed-integer linear program to determine optimal switch placement and/or switching sequences. Limited fuel and power availabilities, grid-forming constraints, storages, and an even distribution of available resources are considered. By minimizing the number of switching devices and switching events we target manual operability. The proposed method extends the time that can be bridged until a full restoration of the main power grid is achieved. For a small example, we demonstrate that given enough solar radiation our solution can double the water supply duration compared to using the generators only for the water network, while additionally resupplying almost half of the electricity demand. Algorithmic scaling is validated with a combination of the IEEE 123-bus test feeder and the D-Town water network.

      April 2022  10th International Conference on Learning Representations (ICLR 2022) Conference

    Learning Graphon Mean Field Games and Approximate Nash Equilibria

    K. Cui, H. Koeppl

    BibTeX

    Abstract
    Recent advances at the intersection of dense large graph limits and mean field games have begun to enable the scalable analysis of a broad class of dynamical sequential games with large numbers of agents. So far, results have been largely limited to graphon mean field systems with continuous-time diffusive or jump dynamics, typically without control and with little focus on computational methods. We propose a novel discrete-time formulation for graphon mean field games as the limit of non-linear dense graph Markov games with weak interaction. On the theoretical side, we give extensive and rigorous existence and approximation properties of the graphon mean field solution in sufficiently large systems. On the practical side, we provide general learning schemes for graphon mean field equilibria by either introducing agent equivalence classes or reformulating the graphon mean field system as a classical mean field system. By repeatedly finding a regularized optimal control solution and its generated mean field, we successfully obtain plausible approximate Nash equilibria in otherwise infeasible large dense graph games with many agents. Empirically, we are able to demonstrate on a number of examples that the finite-agent behavior comes increasingly close to the mean field behavior for our computed equilibria as the graph or system size grows, verifying our theory. More generally, we successfully apply policy gradient reinforcement learning in conjunction with sequential Monte Carlo methods.

      February 2022  Computers & Security Article

    A Feature-driven Method for Automating the Assessment of OSINT Cyber Threat Sources

    Andrea Tundis, Samuel Ruppert, Max Mühlhäuser

    PDF BibTeX DOI: 10.1016/j.cose.2021.102576

    Abstract
    Global malware campaigns and large-scale data breaches show how everyday life can be impacted when the defensive measures fail to protect computer systems from cyber threats. Understanding the threat landscape and the adversaries’ attack tactics to perform it represent key factors for enabling an efficient defense against threats over the time. Of particular importance is the acquisition of timely and accurate information from threats intelligence sources available on the web which can provide additional intelligence on emerging threats even before they can be observed as actual attacks. Currently, specific indicators of compromise (e.g. IP addresses, domains, hashsums of malicious files) are shared in a semi-automated and structured way via so-called threat feeds. Unfortunately, current systems have to deal with the trade-off between the timeliness of such an alert (i.e. warning at the first mention of a threat) and the need to wait for verification by other sources (i.e. warning after multiple sources have verified the threat). In addition, due to the increasing number of open sources, it is challenging to find the right balance between feasibility and costs in order to identify a relatively small subset of valuable sources. In this paper, a method to automate the assessment of cyber threat intelligence sources and predict a relevance score for each source is proposed. Specifically, a model based on meta-data and word embedding is defined and experimented by training regression models to predict the relevance score of sources on Twitter. The results evaluation show that the assigned score allows to reduce the waiting time for intelligence verification, on the basis of its relevance, thus improving the time advantage of early threat detection.

      2022  The 21st Privacy Enhancing Technologies Symposium Conference

    Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System

    Alexander Heinrich, Milan Stute, Tim Kornhuber, Matthias Hollick

    PDF BibTeX DOI: 10.26083/tuprints-00020598

    Abstract
    Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called o~ine finding (OF). OF leverages online finder devices to detect the presence of missing o~ine devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, prevent tracking of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user’s top locations with an error in the order of 10 meters in urban areas. While we find that OF’s design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.

      2022  2nd Workshop on Mobile Resilience: Designing Interactive Systems for Crisis Response Conference

    Proceedings of the 2nd Workshop on Mobile Resilience: Designing Interactive Systems for Crisis Response

    PDF BibTeX DOI: 10.26083/tuprints-00020092

    Abstract
    Information and communication technologies (ICT), including artificial intelligence, internet of things, and mobile applications can be utilized to tackle important societal challenges, such as the ongoing COVID-19 pandemic. While they may increase societal resilience, their design, functionality, and underlying infrastructures must be resilient against disruptions caused by anthropogenic, natural and hybrid crises, emergencies, and threats. In order to research challenges, designs, and potentials of interactive technologies, this workshop investigated the space of mobile technologies and resilient systems for crisis response, including the application domains of cyber threat and pandemic response.

      2022  30th USENIX Security Symposium (USENIX Security 21) Conference

    PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

    Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, Christian Weinert

    PDF BibTeX DOI: 10.26083/tuprints-00020599

    Abstract
    Apple’s offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop’s exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

      2022  WI 2020: 15. Internationale Tagung Wirtschaftsinformatik - Zentrale Tracks Conference

    Sticking with Landlines? Citizens’ Use and Perception of Social Media in Emergencies and Expectations Towards Emergency Services in Germany

    Jasmin Haunschild, Marc-André Kaufhold, Christian Reuter

    PDF BibTeX DOI: 10.26083/tuprints-00020743

    Abstract
    Crisis informatics has examined the use, potentials and weaknesses of social media in emergencies across different events (e.g., man-made, natural or hybrid), countries and heterogeneous participants (e.g., citizens or emergency services) for almost two decades. While most research analyzes specific cases, few studies have focused on citizens’ perceptions of different social media platforms in emergencies using a representative sample. Basing our questionnaire on a workshop with police officers, we present the results of a representative study on citizens’ perception of social media in emergencies that we conducted in Germany. Our study suggests that when it comes to emergencies, socio-demographic differences are largely insignificant and no clear preferences for emergency services’ social media strategies exist. Due to the widespread searching behavior on some platforms, emergency services can reach a wide audience by turning to certain channels but should account for groups with distinct preferences.

      2022  30th USENIX Security Symposium (USENIX Security 21) Conference

    Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

    Milan Stute, Alexander Heinrich, Jannik Lorenz, Matthias Hollick

    PDF BibTeX DOI: 10.26083/tuprints-00020603

    Abstract
    Apple controls one of the largest mobile ecosystems, with 1.5 billion active devices worldwide, and offers twelve proprietary wireless Continuity services. Previous works have unveiled several security and privacy issues in the involved protocols. These works extensively studied AirDrop while the coverage of the remaining vast Continuity service space is still low. To facilitate the cumbersome reverse-engineering process, we describe the first guide on how to approach a structured analysis of the involved protocols using several vantage points available on macOS. Also, we develop a toolkit to automate parts of this otherwise manual process. Based on this guide, we analyze the full protocol stacks involved in three Continuity services, in particular, Handoff (HO), Universal Clipboard (UC), and Wi-Fi Password Sharing (PWS). We discover several vulnerabilities spanning from Bluetooth Low Energy (BLE) advertisements to Apple’s proprietary authentication protocols. These flaws allow for device tracking via HO’s mDNS responses, a denial-of-service (DoS) attack on HO and UC, a DoS attack on PWS that prevents Wi-Fi password entry, and a machine-in-the-middle (MitM) attack on PWS that connects a target to an attacker-controlled Wi-Fi network. Our PoC implementations demonstrate that the attacks can be mounted using affordable off-the-shelf hardware ($20 micro:bit and a Wi-Fi card). Finally, we suggest practical mitigations and share our findings with Apple, who have started to release fixes through iOS and macOS updates.

      2022  Water Article

    Water Distribution in a Socio-Technical System: Resilience Assessment for Critical Events Causing Demand Relocation

    Kevin Tiernan Logan, Michaela Leštáková, Nadja Thiessen, Jens Ivo Engels, Peter F. Pelz

    PDF BibTeX DOI: 10.26083/tuprints-00021223

    Abstract
    This study presents an exploratory, historically-informed approach to assessing resilience for critical events that cause demand relocation within a water distribution system (WDS). Considering WDS as an interdependent socio-technical system, demand relocation is regarded as a critical factor that can affect resilience similarly to the more commonly analyzed component failures such as pipe leaks and pump failures. Critical events are modeled as events during which consumer nodes are evacuated within a perimeter varying in size according to a typical length scale in the studied network. The required demand drops to zero in the evacuated area, and the equivalent demand is relocated according to three sheltering schemes. Results are presented for analyzing the effect of the size of the evacuated area, the feasibility of sheltering schemes, vulnerability of particular parts of the city as well as the suitability of network nodes to accommodate relocated demand using a suitable resilience metric. The results provided by this metric are compared with those drawn from common graph-based metrics. The conclusions are critically discussed under the consideration of historical knowledge to serve as a basis for future research to refine resilience assessment of socio-technical systems.

      December 2021  IEEE Global Communications Conference 2021 Conference

    Joint Beamforming and BS Selection for Energy-Efficient Communications via Aerial-RIS

    Jaime Quispe, Tarcisio Ferreira Maciel, Yuri Carvalho Barbosa Silva, Anja Klein

    BibTeX DOI: 10.1109/GCWkshps52748.2021.9681981

    Abstract
    Cooperative BS transmission via unmanned aerial vehicles (UAVs)-airborne reconfigurable intelligent surface (RIS), also known as aerial-RIS, is a promising solution for providing connectivity in emergency areas where network access is unavailable. The RIS requires low power in reflecting the impinging base station (BS) signals towards the direction of the user equipment (UE), and the cooperative transmission can provide a more stable connection that guarantees quality-of-service (QoS). In this work, we investigate the energy efficiency (EE) maximization of a multiple-BS single-UE single-aerial-RIS setup and the usefulness of cooperation to prevent outages. The BSs can be turned either on or off depending on their contribution to the EE, and the system is subject to QoS, power, capacity, and RIS specific constraints. We formulate a problem that jointly optimizes the selection of the BSs and the beamforming weights of BSs and RIS, and solve it with a Branch-Reduce-and-Bound (BRnB) algorithm that uses monotonic optimization and semidefinite relaxation steps. Simulation results for an illustrative setup show that the aerial-RIS increases the EE by 50% when doubling the number of its elements and cooperative aerial-RIS transmissions help to solve outages of single-BS cases.

      December 2021  IEEE Global Communications Conference 2021 Conference

    Beamforming and link activation methods for energy efficient RIS-aided transmissions in C-RANs

    Jaime Quispe, Tarcisio Ferreira Maciel, Yuri Carvalho Barbosa Silva, Anja Klein

    BibTeX DOI: 10.1109/GLOBECOM46510.2021.9685593

    Abstract
    This work studies the application of a reconfigurable intelligent surface (RIS) in a cloud radio access network (C-RAN) targeting the reduction of resource usage while providing adequate capacity. We investigate if an RIS can contribute to improve the trade-off between the downlink system spectral efficiency (SE) and energy consumption of a multi-base-station (BS) multi-user single-RIS setup by means of link activation, radiated power control, and operational power mode decisions that can benefit from RIS-enhanced radio channels. For this purpose, we optimize the activations jointly with BS and RIS beamforming for maximum energy efficiency (EE) under a centralized approach and subject to SE, power, fronthaul capacity, and RIS phase-shift constraints. The associated mixed-boolean non-linear problem is solved using monotonic and semidefinite relaxation methods integrated in a Branch-Reduce-and-Bound procedure. Simulations show that the RIS helps to increase the EE of a C-RAN w.r.t. its non-RIS-aided and fully-connected versions by 30% and 80%, respectively.

      December 2021  94th Vehicular Technology Conference (VTC2021-Fall) Conference

    Energy-Optimal Short Packet Transmission for Time-Critical Control

    Kilian Kiekenap, Andrea Patricia Ortiz Jimenez, Anja Klein

    BibTeX DOI: 10.1109/VTC2021-Fall52928.2021.9625205

    Abstract
    In this paper, the transmission energy for reliable communications with short packets and low latency requirements, e.g. for control applications, is minimized. Since the dynamics of the agents determine the allowed latencies for receiving control inputs, the requirements on latency and allowable packet error rate are individual, depending on the machine type. We consider a centralized environment with a single controller transmitting control commands wireless to multiple agents with given latency requirements. Also, the channel conditions are individual for each agent. Therefore, the optimal time-frequency resource allocation is derived for continuous time-frequency resource allocation. Since the resource allocation in OFDM systems like 5G is discrete, an algorithm to select the allocation from a resource grid with different resolutions is proposed and shown to achieve solutions with less than 0.5 dB increase in energy consumption compared to the continuous results. With numerical evaluation, the benefit of a channel-state- and deadline-aware solution is shown for a resource grid based on the 5G frame structure. On average, the gain of the proposed algorithm to an allocation only balancing the number of resources for each agent, as far as the deadlines allow, is about 50% energy saving.

      December 2021  94th Vehicular Technology Conference (VTC2021-Fall) Conference

    Energy Consumption Optimization for UAV Assisted Private Blockchain-based IIoT Networks

    Xinhua Lin, Jing Zhang, Lin Xiang, Xiohu Ge

    BibTeX DOI: 10.1109/VTC2021-Fall52928.2021.9625316

    Abstract
    The blockchain is a promising technology to enhance the security and resilience of industrial Internet of Things (IIoT) networks. However, generating blockchain for the IIoT devices usually consumes excessive energy which may not be affordable for battery-powered IIoT devices. To address this problem, in this paper, we consider an unmanned aerial vehicle (UAV) assisted private blockchain-based IIoT system. Thereby, a UAV mounted with computing processor is deployed as a multi-access edge computing platform, which is responsible for collecting data from the IIoT devices, generating blocks based on the collected data, and broadcasting the blocks to the IIoT devices. To minimize the energy consumption of the UAV, joint optimization of the central processing unit (CPU) frequencies for data computation and block generation, the amount of offloaded IIoT data, the bandwidth allocation, and the trajectory of the UAV is formulated as a nonconvex optimization problem and solved via a successive convex approximation (SCA) algorithm. Simulation results show that, compared with several baseline schemes, the proposed scheme can significantly lower the energy consumption required for the blockchain generation in IIoT networks.

      December 2021  Computers & Electrical Engineering Article

    An IoT-based context-aware model for danger situations detection

    Andrea Tundis, Muhammad Uzair, Max Mühlhäuser

    PDF BibTeX DOI: 10.1016/j.compeleceng.2021.107571

    Abstract
    On a daily basis, people perform planned or routine activities related to their needs, such as going to the office, playing sports and so on. Alongside them, unpleasant unforeseen situations can take place such as being robbed on the street or even being taken hostage. Providing information related to the crime scene or requesting help from the competent authorities is difficult. That is why, mechanisms to support users in such situations, based on their physical status, would be of great importance. Based on such idea, a context-aware model for detecting specific situations of danger is proposed. It is characterized by a set of defined features related to the body posture, the stress level and geolocation whose values are gathered through a smartphone and a smartwatch, as enabling technologies for the local computation. A machine learning technique was adopted for supporting body posture recognition, whereas a threshold-based approach was used to detect the stress level and to evaluate of user�s location. After the description of the proposed model, the achieved results as well as current limits are also discussed.

      December 2021  Computers & Electrical Engineering Article

    A social media-based over layer on the edge for handling emergency-related events

    Andrea Tundis, Maksim Melnik, Hashim Naveed, Max Mühlhäuser

    PDF BibTeX DOI: 10.1016/j.compeleceng.2021.107570

    Abstract
    Online Social Networks (OSNs), together with messaging services are tools for the exchange of entertainment-related information. However, they represent virtual environments capable of providing relevant information related to emergency or criminal events. Thanks to the simple way of using OSNs in combination to modern ubiquitous Internet of Things (IoT) smart devices, the generation and exploitation of such information is made available to users in real-time even more easily. Unfortunately, its reuse has not been taken into consideration yet due to the lack of specific models and related software tools. In this context, the paper presents a social media-based over layer for supporting the monitoring, detection, computation and information sharing of social media information related to emergency scenarios centered on smartphones and text mining techniques. The proposal is assessed through two different case studies, by evaluating the performances of different classifiers and by showing the logic of the functionalities of the related apps.

      November 2021  Conference on Empirical Methods in Natural Language Processing (EMNLP 2021) Conference

    MAD-G: Multilingual Adapter Generation for Efficient Cross-Lingual Transfer

    Alan Ansell, Maria Ponti Edoardo, Jonas Pfeiffer, Sebastian Ruder, Goran Glavaš, Ivan Vulić, Anna Korhonen

    PDF BibTeX

    Abstract
    Adapter modules have emerged as a general parameter-efficient means to specialize a pretrained encoder to new domains. Massively multilingual transformers (MMTs) have particularly benefited from additional training of language-specific adapters. However, this approach is not viable for the vast majority of languages, due to limitations in their corpus size or compute budgets. In this work, we propose MAD-G (Multilingual ADapter Generation), which contextually generates language adapters from language representations based on typological features. In contrast to prior work, our time- and space-efficient MAD-G approach enables (1) sharing of linguistic knowledge across languages and (2) zero-shot inference by generating language adapters for unseen languages. We thoroughly evaluate MAD-G in zero-shot cross-lingual transfer on part-of-speech tagging, dependency parsing, and named entity recognition. While offering (1) improved fine-tuning efficiency (by a factor of around 50 in our experiments), (2) a smaller parameter budget, and (3) increased language coverage, MAD-G remains competitive with more expensive methods for language-specific adapter training across the board. Moreover, it offers substantial benefits for low-resource languages, particularly on the NER task in low-resource African languages. Finally, we demonstrate that MAD-G’s transfer performance can be further improved via: (i) multi-source training, i.e., by generating and combining adapters of multiple languages with available task-specific training data; and (ii) by further fine-tuning generated MAD-G adapters for languages with monolingual data.

      October 2021  5th European Conference on Mobile Robots Conference

    Industrial Manometer Detection and Reading for Autonomous Inspection Robots

    Jonas Günther, Martin Oehler, Stefan Kohlbrecher, Oskar von Stryk

    BibTeX DOI: 10.1109/ECMR50962.2021.9568833

    Abstract
    Autonomous mobile robots for industrial inspection can reduce cost for digitalization of existing plants by performing autonomous routine inspections. A frequent task is reading of analog gauges to monitor the health of the facility. Automating this process involves capturing image data with a camera sensor and processing the data to read the value. Detection algorithms deployed on a mobile robot have to deal with increased uncertainty regarding localization and environmental influences. This imposes increased requirements regarding robustness to viewing angle, lighting and scale variation on detection and reading. Current approaches based on conventional computer vision require high quality images or prior knowledge. We address these limitations by leveraging the advances of neural networks in the task of object detection and instance segmentation in a two-stage pipeline. Our method robustly detects and reads manometers without prior knowledge of object location or exact object type. In our evaluation we show that our approach can detect and read manometers from a distance of up to 3 m and a viewing angle of up to 60° in different lighting conditions with needle angle estimation errors of ±2.2°. We publish the validation split of our training dataset for manometer and needle detection at https://tudatalib.ulb.tu-darmstadt.de/handle/tudatalib/2881.

      October 2021  5th European Conference on Mobile Robots Conference

    Open-Source Tools for Efficient ROS and ROS2-based 2D Human-Robot Interface Development

    Stefan Fabian, Oskar von Stryk

    BibTeX DOI: 10.1109/ECMR50962.2021.9568801

    Abstract
    2D human-robot interfaces (HRI) are a key component of most robotic systems with an (optional) teleoperation component. However, creating such an interface is often cumbersome and time-consuming since most user interface frameworks require recompilation on each change or the writing of extensive boilerplate code even for simple interfaces. In this paper, we introduce five open-source packages, namely, the ros(2)babelfish packages, the qmlros(2)plugin packages, and the hectorrvizoverlay package. These packages enable the creation of visually appealing end-user or functionality-oriented diagnostic interfaces for ROS- and ROS2-based robots in a simple and quick fashion using the QtWidget or QML user interface framework. Optionally, rendering the interface as an overlay of the 3D scene of the robotics visualization tool rviz enables developers to leverage existing extensive data visualization capabilities.

      October 2021  5th European Conference on Mobile Robots Conference

    A Flexible Framework for Virtual Omnidirectional Vision to Improve Operator Situation Awareness

    Martin Oehler, Oskar von Stryk

    BibTeX DOI: 10.1109/ECMR50962.2021.9568840

    Abstract
    During teleoperation of a mobile robot, providing good operator situation awareness is a major concern as a single mistake can lead to mission failure. Camera streams are widely used for teleoperation but offer limited field-of-view. In this paper, we present a flexible framework for virtual projections to increase situation awareness based on a novel method to fuse multiple cameras mounted anywhere on the robot. Moreover, we propose a complementary approach to improve scene understanding by fusing camera images and geometric 3D Lidar data to obtain a colorized point cloud. The implementation on a compact omnidirectional camera reduces system complexity considerably and solves multiple use-cases on a much smaller footprint compared to traditional approaches such as actuated pan-tilt units. Finally, we demonstrate the generality of the approach by application to the multi-camera system of the Boston Dynamics Spot. The software implementation is available as open-source ROS packages on the project page https://tu-darmstadt-ros-pkg.github.io/omnidirectionalvision.

      October 2021  4th International Workshop on Emerging Technologies for Authorization and Authentication Conference

    Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions

    Florentin Putz, Steffen Schön, Matthias Hollick

    PDF BibTeX DOI: 10.1007/978-3-030-93747-8_2

    Abstract
    The FIDO2 standards for strong authentication on the Internet define an extension interface, which allows them to flexibly adapt to future use cases. The domain of establishing new FIDO2 extensions, however, is currently limited to web browser developers and members of the FIDO alliance. We show how researchers and developers can design and implement their own extensions for using FIDO2 as a well-established and secure foundation to demonstrate innovative authentication concepts or to support custom deployments. Our open-source implementation targets the full FIDO2 stack, such as the Chromium web browser and hardware tokens, to enable tailor-made authentication based on the power of the existing FIDO2 ecosystem. To give an overview of existing extensions, we survey all published FIDO2 extensions by manually inspecting the source code of major web browsers and authenticators. Their current design, however, hinders the implementation of custom extensions, and they only support a limited number of extensions out of the box. We discuss weaknesses of current implementations and identify the lack of extension pass-through as a major limitation in current FIDO2 clients.

      October 2021 Book

    Mastering Uncertainty in Mechanical Engineering

    P. F. Pelz, Peter Groche, Marc E. Pfetsch, Maximilian Frederic Schäffner

    PDF BibTeX DOI: 10.1007/978-3-030-78354-9

    Abstract
    This open access book reports on innovative methods, technologies and strategies for mastering uncertainty in technical systems. Despite the fact that current research on uncertainty is mainly focusing on uncertainty quantification and analysis, this book gives emphasis to innovative ways to master uncertainty in engineering design, production and product usage alike. It gathers authoritative contributions by more than 30 scientists reporting on years of research in the areas of engineering, applied mathematics and law, thus offering a timely, comprehensive and multidisciplinary account of theories and methods for quantifying data, model and structural uncertainty, and of fundamental strategies for mastering uncertainty. It covers key concepts such as robustness, flexibility and resilience in detail. All the described methods, technologies and strategies have been validated with the help of three technical systems, i.e. the Modular Active Spring-Damper System, the Active Air Spring and the 3D Servo Press, which have been in turn developed and tested during more than ten years of cooperative research. Overall, this book offers a timely, practice-oriented reference guide to graduate students, researchers and professionals dealing with uncertainty in the broad field of mechanical engineering.

      September 2021  i-com: Journal of Interactive Media Article

    Towards Resilient Critical Infrastructures - Motivating Users to Contribute to Smart Grid Resilience

    Rolf Egert, Nina Gerber, Jasmin Haunschild, Philipp Kuehn, Verena Zimmermann

    BibTeX DOI: 10.1515/icom-2021-0021

    Abstract
    Smart cities aim at improving efficiency while providing safety and security by merging conventional infrastructures with information and communication technology. One strategy for mitigating hazardous situations and improving the overall resilience of the system is to involve citizens. For instance, smart grids involve prosumers—capable of producing and consuming electricity—who can adjust their electricity profile dynamically (i. e., decrease or increase electricity consumption), or use their local production to supply electricity to the grid. This mitigates the impact of peak consumption periods on the grid and makes it easier for operators to control the grid. This involvement of prosumers is accompanied by numerous socio-technical challenges, including motivating citizens to contribute by adjusting their electricity consumption to the requirements of the energy grid. Towards this end, this work investigates motivational strategies and tools, including nudging, persuasive technologies, and incentives, that can be leveraged to increase the motivation of citizens. We discuss long-term and side effects and ethical and privacy considerations, before portraying bug bounty programs, gamification and apps as technologies and strategies to communicate the motivational strategies to citizens.

      August 2021  30th USENIX Security Symposium Conference

    PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop

    Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, Christian Weinert

    PDF BibTeX

    Abstract
    Apple’s offline file-sharing service AirDrop is integrated into more than 1.5 billion end-user devices worldwide. We discovered two design flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sender and receiver devices. As a remediation, we study the applicability of private set intersection (PSI) to mutual authentication, which is similar to contact discovery in mobile messengers. We propose a novel optimized PSI-based protocol called PrivateDrop that addresses the specific challenges of offline resource-constrained operation and integrates seamlessly into the current AirDrop protocol stack. Using our native PrivateDrop implementation for iOS and macOS, we experimentally demonstrate that PrivateDrop preserves AirDrop’s exemplary user experience with an authentication delay well below one second. We responsibly disclosed our findings to Apple and open-sourced our PrivateDrop implementation.

      June 2021  14th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple’s Massive Find My Network

    Alexander Heinrich, Milan Stute, Matthias Hollick

    BibTeX DOI: 10.1145/3448300.3468251

    Abstract
    OpenHaystack is an open-source framework for locating personal Bluetooth devices using Apple’s Find My Network. A user can integrate it into Bluetooth-capable devices, such as notebooks, or create custom tracking accessories that can be attached to personal items (key rings, backpacks, etc.). We provide firmware images for the Nordic nRF5 chips and the ESP32. We show that they consume little energy and run from a single coin cell for a year. Our macOS application can locate personal accessories. Finally, we make both application and firmware available on GitHub.

      June 2021  14th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    AirCollect: Efficiently Recovering Hashed Phone Numbers Leaked via Apple AirDrop

    Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, Christian Weinert

    PDF BibTeX DOI: 10.1145/3448300.3468252

    Abstract
    Apple’s file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user’s own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security’21, we theoretically describe two attacks to exploit these vulnerabilities and propose “PrivateDrop” as a privacy-preserving drop-in replacement for Apple’s AirDrop protocol based on private set intersection. In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple “collector” devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as “AirCollect” on GitHub.

      May 2021 Book

    Sicherheitskritische Mensch-Computer-Interaktion : Interaktive Technologien und Soziale Medien im Krisen- und Sicherheitsmanagement

    PDF BibTeX DOI: 10.1007/978-3-658-32795-8

    Abstract
    Die zweite, aktualisierte Auflage dieses Lehr- und Fachbuchs gibt eine fundierte und praxisbezogene Einführung sowie einen Überblick über Grundlagen, Methoden und Anwendungen der Mensch-Computer-Interaktion im Kontext von Sicherheit, Notfällen, Krisen, Katastrophen, Krieg und Frieden. Dies adressierend werden interaktive, mobile, ubiquitäre und kooperative Technologien sowie soziale Medien vorgestellt. Hierbei finden klassische Themen wie benutzbare (IT-)Sicherheit, Industrie 4.0, Katastrophenschutz, Medizin und Automobil, aber auch Augmented Reality, Crowdsourcing, Shitstorm Management, Social Media Analytics und Cyberwar ihren Platz. Methodisch wird das Spektrum von Usable Safety bis Usable Security Engineering von Analyse über Design bis Evaluation abgedeckt. Das Buch eignet sich ebenso als Lehrbuch für Studierende wie als Handbuch für Wissenschaftler, Designer, Entwickler und Anwender.

      May 2021  TU Darmstadt Wiesbaden Book

    Information Refinement Technologies for Crisis Informatics: User Expectations and Design Implications for Social Media and Mobile Apps

    Marc-André Kaufhold

    PDF BibTeX

    Abstract
    Marc-André Kaufhold explores user expectations and design implications for the utilization of new media in crisis management and response. He develops a novel framework for information refinement, which integrates the event, organisational, societal, and technological perspectives of crises. Therefore, he reviews the state of the art on crisis informatics and empirically examines the use, potentials and barriers of both social media and mobile apps. Based on these insights, he designs and evaluates ICT concepts and artifacts with the aim to overcome the issues of information overload and quality in large-scale crises, concluding with practical and theoretical implications for technology adaptation and design.

      April 2021  IEEE Transactions on Mobile Computing Article

    Performance and Pitfalls of 60 GHz WLANs Based on Consumer-Grade Hardware

    Swetank Kumar Saha, Hany Assasa, Adrian Loch, Naveen Muralidhar Prakash, Roshan Shyamsunder, Shivang Aggarwal, Daniel Steinmetzer, Dimitrios Koutsonikolas, Joerg Widmer, Matthias Hollick

    PDF BibTeX DOI: 10.1109/TMC.2020.2967386

    Abstract
    Wireless networks operating in the 60 GHz band have the potential to provide very high throughput but face a number of challenges (e.g., high attenuation, beam training, and coping with mobility) which are widely accepted but often not well understood in practice. Understanding these challenges, and especially their actual impact on consumer-grade hardware is fundamental to fully exploit the high physical layer rates in the 60 GHz band. To this end, we perform an extensive measurement campaign using two commercial off-the-shelf 60 GHz routers in real-world environments. Our results allow us to revisit a range of issues and provide much deeper insights into the reasons for specific performance compared to prior work on performance characterization. Further, our study goes beyond basic link characterization and explores for the first time practical considerations such as coverage and access point deployment. While some of our observations are expected, we also obtain highly surprising insights that challenge the prevailing wisdom in the community. We derive the shortcomings of current commercial 60 GHz devices, and the fundamental problems that remain open on the way to fast and efficient 60 GHz networking.

      March 2021  Fachtagung Mechatronik 2021 Conference

    Entwicklung eines autonomiefokussierten hochmobilen Bodenrobotersystems für den Katastrophenschutz

    Marius Schnaubelt, Tobias Ullrich, Moritz Torchalla, Jonas Diegelmann, Matthias Hoffmann, Oskar von Stryk

    PDF BibTeX

    Abstract
    Mobile Rettungsroboter ermöglichen den menschlichen Bedienern die Bearbeitung von Aufgaben aus sicherer Entfernung in risikoreichen Umgebungen. Durch die unstrukturierte Umgebung der komplexen und vorab unbekannten Einsatzszenarien, verursacht die aktuell übliche Teleoperation der Robotersysteme eine hohe kognitive Belastung für den Roboteroperator, was schnell zur Ermüdung führt. Durch intelligente autonome Assistenzfunktionen können die Operatoren entlastet werden, wodurch die Wahrscheinlichkeit von Bedienfehlern reduziert und die Effizienz des Robotereinsatzes erhöht werden kann. Diese innovativen Assistenzfunktionen benötigen jedoch ein mechatronisches Design, dessen Anforderungen an Hard- und Software für ein effektives Gesamtsystem eng aufeinander abgestimmt und umgesetzt werden müssen. Die Entwicklung eines hochmobilen autonomiefokussierten Bodenroboters mit modularen Sensornutzlasten ermöglicht dem Operator ein umfassendes Situationsbewusstsein sowie Unterstützung bei Navigation und Manipulation. Die Evaluation des Gesamtsystems und von Einzelkomponenten analysiert die Erfüllung des Anforderungskatalogs und demonstriert so die Eignung für (semi-)autonome Rettungsrobotikeinsätze.

      2021 Other

    Transformation, Zirkulation, System of Systems : Für ein dynamisches Verständnis netzgebundener Infrastrukturen

    Jens Ivo Engels, Sybille Frank, Iryna Gurevych, Martina Heßler, Michèle Knodt, Jochen Monstadt, Alfred Nordmann, Andreas Oetting, Annette Rudolph-Cleff, Uwe Rüppel, Gerrit Jasper Schenk, Florian Steinke

    PDF BibTeX DOI: 10.26083/tuprints-00017923

    Abstract
    Der Aufsatz plädiert dafür, die Dynamik technischer netzgebundener Infrastrukturen mit einem dreifachen Ansatz zu untersuchen: Transformation, Zirkulation und System of Systems. Transformation repräsentiert dabei die Veränderung von Infrastrukturen als Gesamtsysteme. Zirkulation repräsentiert die in jeder Infrastrukturfunktion eingeschriebene Dynamik. Gemeint ist der Austausch von Gütern, Menschen, Informationen oder Energie in Netzen. System of Systems ist ein Konzept zur Beschreibung der Interdependenzen verschiedener verbundener Sektoren und Systeme. Die drei Merkmale der Transformation sind aufeinander bezogen: Das Konzept des System of System liefert einen Erklärungsansatz, auf welchen Wegen Zirkulation stattfindet (in und zwischen Netzwerken) und welche Faktoren die Zirkulation beeinflussen. Diese Phänomene können wiederum als Ursachen oder Anreize für Transformation auf der Systemebene begriffen werden. Umgekehrt ist zu fragen, inwieweit Transformationsprozesse der Infrastrukturnetze die Konfiguration des System of Systems verändern.

      2021  2021 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR) Conference

    HectorGrapher: Continuous-time Lidar SLAM with Multi-resolution Signed Distance Function Registration for Challenging Terrain

    Kevin Daun, Marius Schnaubelt, Stefan Kohlbrecher, Oskar von Stryk

    BibTeX

    Abstract
    For deployment in previously unknown, unstructured, and GPS-denied environments, autonomous mobile rescue robots need to localize themselves in such environments and create a map of it using a simultaneous localization and mapping (SLAM) approach. Continuous-time SLAM approaches represent the pose as a time-continuous estimate that provides high accuracy and allows correcting for distortions induced by motion during the scan capture. To enable robust and accurate real-time SLAM in challenging terrain, we propose HectorGrapher which enables accurate localization by continuous-time pose estimation and robust scan registration based on multi-resolution signed distance functions. We evaluate the method in multiple publicly available real-world datasets, as well as a data set from the RoboCup 2021 Rescue League, where we applied the proposed method to win the Best-in-Class “Exploration and Mapping” Award.

      2021  24th International Conference on Artificial Intelligence and Statistics Conference

    Approximately Solving Mean Field Games via Entropy-Regularized Deep Reinforcement Learning

    Kai Cui, Heinz Koeppl

    BibTeX

    Abstract
    The recent mean field game (MFG) formalism facilitates otherwise intractable computation of approximate Nash equilibria in many-agent settings. In this paper, we consider discrete-time finite MFGs subject to finite-horizon objectives. We show that all discrete-time finite MFGs with non-constant fixed point operators fail to be contractive as typically assumed in existing MFG literature, barring convergence via fixed point iteration. Instead, we incorporate entropy-regularization and Boltzmann policies into the fixed point iteration. As a result, we obtain provable convergence to approximate fixed points where existing methods fail, and reach the original goal of approximate Nash equilibria. All proposed methods are evaluated with respect to their exploitability, on both instructive examples with tractable exact solutions and high-dimensional problems where exact methods become intractable. In high-dimensional scenarios, we apply established deep reinforcement learning methods and empirically combine fictitious play with our approximations.

      2021  60th Conference on Decision and Control (CDC2021) Conference

    Discrete-Time Mean Field Control with Environment States

    K. Cui, A. Tahir, M. Sinzger, H. Koeppl

    BibTeX

    Abstract
    Multi-agent reinforcement learning methods have shown remarkable potential in solving complex multi-agent problems but mostly lack theoretical guarantees. Recently, mean field control and mean field games have been established as a tractable solution for large-scale multi-agent problems with many agents. In this work, driven by a motivating scheduling problem, we consider a discrete-time mean field control model with common environment states. We rigorously establish approximate optimality as the number of agents grows in the finite agent case and find that a dynamic programming principle holds, resulting in the existence of an optimal stationary policy. As exact solutions are difficult in general due to the resulting continuous action space of the limiting mean field Markov decision process, we apply established deep reinforcement learning methods to solve the associated mean field control problem. The performance of the learned mean field control policy is compared to typical multi-agent reinforcement learning approaches and is found to converge to the mean field performance for sufficiently many agents, verifying the obtained theoretical results and reaching competitive solutions

      2021  Water Article

    Optimal Resilience Enhancement of Water Distribution Systems

    Imke-Sophie Lorenz, Peter F. Pelz

    PDF BibTeX DOI: 10.26083/tuprints-00019245

    Abstract
    Water distribution systems (WDSs) as critical infrastructures are subject to demand peaks due to daily consumption fluctuations, as well as long term changes in the demand pattern due to increased urbanization. Resilient design of water distribution systems is of high relevance to water suppliers. The challenging combinatorial problem of high-quality and, at the same time, low-cost water supply can be assisted by cost-benefit optimization to enhance the resilience of existing main line WDSs, as shown in this paper. A Mixed Integer Linear Problem, based on a graph-theoretical resilience index, is implemented considering WDS topology. Utilizing parallel infrastructures, specifically those of the urban transport network and the water distribution network, makes allowances for physical constraints, in order to adjust the existing WDS and to enhance resilience. Therefore, decision-makers can be assisted in choosing the optimal adjustment of WDS depending on their investment budget. Furthermore, it can be observed that, for a specific urban structure, there is a convergence of resilience enhancement with higher costs. This cost-benefit optimization is conducted for a real-world main line WDS, considering also the limitations of computational expenses.

      2021  30th USENIX Security Symposium Conference

    Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

    Milan Stute, Alexander Heinrich, Jannik Lorenz, Matthias Hollick

    PDF BibTeX

    Abstract
    Apple controls one of the largest mobile ecosystems, with 1.5 billion active devices worldwide, and offers twelve proprietary wireless Continuity services. Previous works have unveiled several security and privacy issues in the involved protocols. These works extensively studied AirDrop while the coverage of the remaining vast Continuity service space is still low. To facilitate the cumbersome reverse-engineering process, we describe the first guide on how to approach a structured analysis of the involved protocols using several vantage points available on macOS. Also, we develop a toolkit to automate parts of this otherwise manual process. Based on this guide, we analyze the full protocol stacks involved in three Continuity services, in particular, Handoff (HO), Universal Clipboard (UC), and Wi-Fi Password Sharing (PWS). We discover several vulnerabilities spanning from Bluetooth Low Energy (BLE) advertisements to Apple’s proprietary authentication protocols. These flaws allow for device tracking via HO’s mDNS responses, a denial-of-service (DoS) attack on HO and UC, a DoS attack on PWS that prevents Wi-Fi password entry, and a machine-in-the-middle (MitM) attack on PWS that connects a target to an attacker-controlled Wi-Fi network. Our PoC implementations demonstrate that the attacks can be mounted using affordable off-the-shelf hardware ($20 micro:bit and a Wi-Fi card). Finally, we suggest practical mitigations and share our findings with Apple, who have started to release fixes through iOS and macOS updates.

      2021  WiSec ‘20: 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    DEMO: BTLEmap: Nmap for Bluetooth Low Energy

    Alexander Heinrich, Milan Stute, Matthias Hollick

    PDF BibTeX DOI: 10.26083/tuprints-00017839

    Abstract
    The market for Bluetooth Low Energy (BLE) devices is booming and, at the same time, has become an attractive target for adversaries. To improve BLE security at large, we present BTLEmap, an auditing application for BLE environments. BTLEmap is inspired by network discovery and security auditing tools such as Nmap for IP-based networks. It allows for device enumeration, Generic Attribute Profile (GATT) service discovery, and device fingerprinting. It also features a BLE advertisement dissector, data exporter, and a user-friendly UI including a proximity view. BTLEmap currently runs on iOS and macOS using Apple’s CoreBluetooth API but also accepts alternative data inputs such as a Raspberry Pi to overcome the restricted vendor API. The open-source project is under active development and will provide more advanced capabilities such as long-term device tracking (in spite of MAC address randomization) in the future.

      2021  IEEE Transactions on Dependable and Secure Computing Article

    RESCUE: A Resilient and Secure Device-to-Device Communication Framework for Emergencies

    Milan Stute, Florian Kohnhauser, Lars Baumgärtner, Lars Almon, Matthias Hollick, Stefan Katzenbeisser, Bernd Freisleben

    PDF BibTeX DOI: 10.26083/tuprints-00017838

    Abstract
    During disasters, existing telecommunication infrastructures are often congested or even destroyed. In these situations, mobile devices can form a backup communication network for civilians and emergency services using disruption-tolerant networking (DTN) principles. Unfortunately, such distributed and resource-constrained networks are particularly susceptible to a wide range of attacks such as terrorists trying to cause more harm. In this paper, we present RESCUE, a resilient and secure device-to-device communication framework for emergency scenarios that provides comprehensive protection against common attacks. RESCUE features a minimalistic DTN protocol that, by design, is secure against notable attacks such as routing manipulations, dropping, message manipulations, blackholing, or impersonation. To further protect against message flooding and Sybil attacks, we present a twofold mitigation technique. First, a mobile and distributed certificate infrastructure particularly tailored to the emergency use case hinders the adversarial use of multiple identities. Second, a message buffer management scheme significantly increases resilience against flooding attacks, even if they originate from multiple identities, without introducing additional overhead. Finally, we demonstrate the effectiveness of RESCUE via large-scale simulations in a synthetic as well as a realistic natural disaster scenario. Our simulation results show that RESCUE achieves very good message delivery rates, even under flooding and Sybil attacks.

      2021  2021 IEEE International Symposium on Safety, Security, and Rescue Robotics (SSRR) Conference

    Robust Multisensor Fusion for Reliable Mapping and Navigation in Degraded Visual Conditions

    Moritz Torchalla, Marius Schnaubelt, Kevin Daun, Oskar von Stryk

    BibTeX

    Abstract
    We address the problem of robust simultaneous mapping and localization in degraded visual conditions using low-cost off-the-shelf radars. Current methods often use high- end radar sensors or are tightly coupled to specific sensors, limiting the applicability to new robots. In contrast, we present a sensor-agnostic processing pipeline based on a novel forward sensor model to achieve accurate updates of signed distance function-based maps and robust optimization techniques to reach robust and accurate pose estimates. Our evaluation demonstrates accurate mapping and pose estimation in indoor environments under poor visual conditions and higher accuracy compared to existing methods on publicly available benchmark data.

      November 2020  45th Local Computer Networks Symposium on Emerging Topics in Networking Conference

    Topology-aware Path Planning for In-Transit Coverage of Aerial Post-Disaster Communication Assistance Systems

    Julian Zobel, Benjamin Becker, Ralf Kundel, Patrick Lieser, Ralf Steinmetz

    BibTeX DOI: 10.1109/LCNSymposium50271.2020.9363268

    Abstract
    The increase in natural disasters that impair and destroy communication infrastructure over the last years simultaneously increased the importance of infrastructure-independent ad hoc communication. Especially delay-tolerant networks (DTNs) are able to provide basic communication functionality for civilians, but performance suffers from a typically highly intermittent network with clusters around important locations like shelters. Small Unmanned Aerial Vehicles (UAVs) have proven to be efficient data ferries between clusters, but they require knowledge of cluster locations and also do not cover network nodes in transit between clusters. These in-transit nodes are therefore disconnected from the network for a long time and might miss critical messages like evacuation notices or hazard warnings. This paper provides two contributions for UAV-assisted post-disaster DTN communication. First, we present a novel approach to estimate the location of dynamically changing clusters in a post-disaster scenario. Second, we introduced a topology-aware path planning approach for UAV data ferry flights, covering in-transit node on their way between clusters. Our evaluation results highlight the quality requirements on topology information for an efficient application of Aerial Post-Disaster Communication Assistance Systems and demonstrate the positive impact of in-transit node coverage on the DTN’s communication performance.

      November 2020  Proceedings of the ACM on Programming Languages Article

    Rethinking Safe Consistency in Distributed Object-Oriented Programming

    Mirko Köhler, Nafise Eskandani, Pascal Weisenburger, Alessandro Margara, Guido Salvaneschi

    BibTeX DOI: 10.1145/3428256

    Abstract
    Large scale distributed systems require to embrace the trade off between consistency and availability, accepting lower levels of consistency to guarantee higher availability. Existing programming languages are, however, agnostic to this compromise, resulting in consistency guarantees that are the same for the whole application and are implicitly adopted from the middleware or hardcoded in configuration files. In this paper, we propose to integrate availability in the design of an object-oriented language, allowing developers to specify different consistency and isolation constraints in the same application at the granularity of single objects. We investigate how availability levels interact with object structure and define a type system that preserves correct program behavior. Our evaluation shows that our solution performs efficiently and improves the design of distributed applications.

      September 2020  Proceedings of the 14th International Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization Conference

    Hardware-Accelerated Real-Time Stream Data Processing on Android with GNU Radio

    Bastian Bloessl, Lars Baumgärtner, Matthias Hollick

    PDF BibTeX DOI: 10.1145/3411276.3412184

    Abstract
    With the ever-increasing performance of smartphones and tablets, they become viable platforms for applications that were, in the past, only possible on desktops or laptops. In this paper, we study their applicability for real-time stream-data processing, which is particularly interesting for Software Defined Radio (SDR) applications, enabling wireless measurement and experimentation campaigns on mobile platforms. To this end, we port GNU Radio, a state-of-theart, open source, real-time stream-data processing framework, to Android and evaluate its performance. We show that it is possible to fully benefit from available accelerators, i.e., Single Instruction Multiple Data (SIMD) and the Graphics Processing Unit (GPU), which provide considerable speedups and allow for efficient implementations. As a general-purpose real-time data processing framework, GNU Radio can provide the base for a wide range of applications. To demonstrate its flexibility, we provide example applications that implement FM and Wireless LAN (WLAN). Our toolchain is published as open source software, thus serving as an enabler for highly mobile SDR applications.

      August 2020  Datenschutz und Datensicherheit (DuD) Article

    Datensicherheit von Corona-Apps nach der DSGVO

    Tim Grube, Alexander Heinrich, Jan-Philipp Stroscher, Sabrina Schomberg

    BibTeX DOI: 10.1007/s11623-020-1314-0

    Abstract
    Der Beitrag analysiert die Protokolle der Konsortien DP-3T und PEPP-PT aus technischer Perspektive und grenzt diese voneinander ab. Zudem wird die technische Ausgestaltung der Entwicklerschnittstelle (API) von Google und Apple dargestellt. Aufbauend darauf erfolgt eine rechtliche Beurteilung der sich aus Art. 5 Abs. 1 lit. f, 25, 32 DSGVO ergebenden und die Datensicherheit betreffenden Kriterien und deren konkrete Umsetzung in den Protokollen.

      July 2020  13th ACM Conference on Security and Privacy in Wireless and Mobile Networks Conference

    Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication

    Florentin Putz, Flor Álvarez, Jiska Classen

    PDF BibTeX DOI: 10.1145/3395351.3399420

    Abstract
    Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate devices. This requires a common hardware interface, which limits the use of existing SDP systems. We propose to use short-range acoustic communication for the initial pairing. Audio hardware is commonly available on existing off-the-shelf devices and can be accessed from user space without requiring firmware or hardware modifications. We improve upon previous approaches by designing Acoustic Integrity Codes (AICs): a modulation scheme that provides message authentication on the acoustic physical layer. We analyze their security and demonstrate that we can defend against signal cancellation attacks by designing signals with low autocorrelation. Our system can detect overshadowing attacks using a ternary decision function with a threshold. In our evaluation of this SDP scheme’s security and robustness, we achieve a bit error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on Android smartphones, we demonstrate pairing between different smartphone models.

      June 2020  International Journal of Mechanics and Control Article

    Optimization-Based Planning for Autonomous Traversal of Obstacles with Mobile Ground Robots

    Martin Oehler, Stefan Kohlbrecher, Oskar von Stryk

    BibTeX

    Abstract
    Mobile robotic platforms which are traversing unstructured environments with challenging uneven terrain are permanently endangered of falling over. Previous research on trajectory planning methods for the prevention of vehicle tip-over is mostly limited to basic mobility systems with only few degrees of freedom (DOF). This paper proposes a novel optimization-based planning approach that enables mobile robots to autonomously traverse obstacles and rough terrain more safely. A 3D world model as provided from external sensors like Lidar is used to compute a whole-body motion plan in advance by optimizing the trajectories of each joint. Active flipper tracks maximize ground contact for improved traction and, if available, manipulator arm joints are used to further improve stability metrics. Additional constraints prevent collisions with the environment and the robot itself. The presented approach makes only few assumptions about the robot’s configuration and is applicable to a wide range of wheeled or tracked platforms. This is demonstrated by experimental evaluation for two different robots in simulation and for one physical robot. In four different test scenarios it is shown, that the proposed approach effectively prevents vehicle tip-over during traversal of uneven ground.

      June 2020  International Journal of Disaster Risk Reduction (IJDRR) Article

    Emergency service staff and social media – A comparative empirical study of the attitude by Emergency Services staff in Europe in 2014 and 2017

    Christian Reuter, Marc-André Kaufhold, Fabian Spahr, Thomas Spielhofer, Anna Sophie Hahne

    PDF BibTeX DOI: 10.1016/j.ijdrr.2020.101516

    Abstract
    Finding a way to ensure an effective use of social media has become increasingly important to emergency services over the past decade. Despite all efforts to determine the utility of social media for emergency organisations, it is necessary to benefit from such institutions’ staffs’ opinions to establish effective use. To provide empirical evidence we present a comparison of two surveys, conducted across Europe with emergency services in 2014 and 2017 respectively, with a total of 1169 answers. The analysis shows that personal experience has an effect on how organisational usage of social media is perceived and how emergency service staff view the future use of social media. Furthermore, the use has increased. This article not only shows emergency services what their staff think about their social media usage but also discusses challenges and future directions for the design of systems that can be useful for further development of optimized organisational social media usage.

      May 2020  28th European Conference on Information Systems Conference

    Warning the Public: A Survey on Attitudes, Expectations and Use of Mobile Crisis Apps in Germany

    Marc-André Kaufhold, Jasmin Haunschild, Christian Reuter

    PDF BibTeX

    Abstract
    As part of information systems, the research field of crisis informatics increasingly investigates the potentials and limitations of mobile crisis apps, which constitute a relatively new public service for citizens and are specifically designed for the dissemination of disaster‐related information and communication between authorities, organizations and citizens. While existing crisis apps, such as KATWARN or NINA in Germany, focus on preparatory information and warning functionality, there is a need for apps and research on police-related functionality, such as information on cybercrime, fraud offences, or search for missing persons. Based on a workshop with civil protection (N=12) and police officers (N=15), we designed a questionnaire and conducted a representative survey of German citizens (N=1.219) on the past, current and future use, perceived helpfulness, deployment and behavioural preferences, configurability and most important functionality of mobile crisis apps. Our results indicate that in addition to emergency and weather warnings, crime- and health-related warnings are also desired by many, as is the possibility for bidirectional communication. People also want one central app and are resistant to installing more than one crisis app. Furthermore, there are few significant differences between socioeconomic groups.

      May 2020  17th International Conference on Information Systems for Crisis Response and Management (ISCRAM 2020) Conference

    LoRa-based Device-to-Device Smartphone Communication for Crisis Scenarios

    Jonas Höchst, Lars Baumgärtner, Franz Kuntke, Alvar Penning, Artur Sterz, Bernd Freisleben

    PDF BibTeX

    Abstract
    In this paper, we present an approach to facilitate long-range device-to-device communication via smartphones in crisis scenarios. Through a custom firmware for low-cost LoRa capable micro-controller boards, called rf95modem, common devices for end users can be enabled to use LoRa through a Bluetooth, Wi-Fi, or serial connection. We present two applications utilizing the flexibility provided by the proposed firmware. First, we introduce a novel device-to-device LoRa chat application that works a) on the two major mobile platforms Android and iOS and b) on traditional computers like notebooks using a console-based interface. Second, we demonstrate how other infrastructure-less technology can benefit from our approach by integrating it into the DTN7 delay-tolerant networking software. The firmware, the device-to-device chat application, the integration into DTN7, as well as the experimental evaluation code fragments are available under permissive open-source licenses.

      April 2020  Proceedings of the International Conference on Wirtschaftsinformatik (WI) Conference

    Sticking with Landlines? Citizens’ Use and Perception of Social Media in Emergencies and Expectations Towards Emergency Services in Germany

    Jasmin Haunschild, Marc-André Kaufhold, Christian Reuter

    BibTeX DOI: 10.30844/wi_2020_o2-haunschild

    Abstract
    Crisis informatics has examined the use, potentials and weaknesses of social media in emergencies across different events (e.g., man-made, natural or hybrid), countries and heterogeneous participants (e.g., citizens or emergency services) for almost two decades. While most research analyzes specific cases, few studies have focused on citizens’ perceptions of different social media platforms in emergencies using a representative sample. Basing our questionnaire on a workshop with police officers, we present the results of a representative study on citizens’ perception of social media in emergencies that we conducted in Germany. Our study suggests that when it comes to emergencies, socio-demographic differences are largely insignificant and no clear preferences for emergency services’ social media strategies exist. Due to the widespread searching behavior on some platforms, emergency services can reach a wide audience by turning to certain channels but should account for groups with distinct preferences.

      April 2020  2020 CHI Conference on Human Factors in Computing Systems Conference

    Walk The Line: Leveraging Lateral Shifts of the Walking Path as an Input Modality for Head-Mounted Displays

    Florian Müller, Martin Schmitz, Daniel Schmitt, Sebastian Günther, Markus Funk, Max Mühlhäuser

    BibTeX DOI: 10.1145/3313831.3376852

    Abstract
    Recent technological advances have made head-mounted displays (HMDs) smaller and untethered, fostering the vision of ubiquitous interaction in a digitally augmented physical world. Consequently, a major part of the interaction with such devices will happen on the go, calling for interaction techniques that allow users to interact while walking. In this paper, we explore lateral shifts of the walking path as a hands-free input modality. The available input options are visualized as lanes on the ground parallel to the user’s walking path. Users can select options by shifting the walking path sideways to the respective lane. We contribute the results of a controlled experiment with 18 participants, confirming the viability of our approach for fast, accurate, and joyful interactions. Further, based on the findings of the controlled experiment, we present three example applications.

      March 2020  Technische Universität Darmstadt Thesis

    Secure device-to-device communication for emergency response

    Flor Álvarez

    PDF BibTeX DOI: 10.25534/tuprints-00011486

    Abstract
    Mobile devices have the potential to make a significant impact during disasters. However, their practical impact is severely limited by the loss of access to mobile communication infrastructure: Precisely, when there is a surge in demand for communications from people in a disaster zone, this capacity for communications is severely curtailed. This loss of communications undermines the effectiveness of the many recent innovations in the use of smartphones and similar devices to mitigate the effects of disasters. While various solutions have been proposed, e. g., by having handsets form wireless ad hoc networks, none are complete: Some are specific to certain mobile operating systems or operating system versions. Others result in unacceptably increased energy consumption, flattening the batteries of phones at a time when users need to conserve energy due to the loss of access to opportunities to recharge their mobile devices. Realistic user behaviour, including patterns of movement and communications, are also rarely addressed. Further, security is rarely considered in a comprehensive and satisfying manner, leaving users exposed to a variety of potential attacks. Thus there is a compelling need to find more effective solutions for communications, energy management, and security of mobile devices operating in disaster conditions. To address these shortcomings, this thesis provides a suite of comprehensive solutions that contribute to facilitate secure device-to-device communication for emergency response. This thesis works to solve these problems by: (i) Conducting a large-scale field-trial to understand and analyze civilians’ behaviour during disaster scenarios; (ii) Proposing a practical, lightweight scheme for bootstrapping device-to-device security, that is tailored for local urban operations representative of disaster scenarios; (iii) Realizing novel energy management strategies for the neighbour discovery problem, which deliver significant energy savings in return for only a minimal reduction in neighbour discovery efficiency; (iv) The description of novel concepts for using devices in a smart city environment that remain functional following a disaster to support communications among mobile devices. In short, this thesis adds considerably to the understanding of the difficulties in the formation of direct device-to-device communications networks composed primarily of civilians’ mobile devices, and how several facets of this problem can be mitigated. Several of the proposed enhancements are also implemented. Thus, this thesis also takes essential steps in the direction of realizing such solutions to demonstrate their feasibility on real devices, intending to improve the tools available to civilians post-disaster.

      February 2020  The Art, Science, and Engineering of Programming Article

    Implementing a Language for Distributed Systems: Choices and Experiences with Type Level and Macro Programming in Scala

    Pascal Weisenburger, Guido Salvaneschi

    PDF BibTeX DOI: 10.22152/programming-journal.org/2020/4/17

    Abstract
    Multitier programming languages reduce the complexity of developing distributed systems by developing the distributed system in a single coherent code base. The compiler or the runtime separate the code for the components of the distributed system, enabling abstraction over low level implementation details such as data representation, serialization and network protocols. Our ScalaLoci language allows developers to declare the different components and their architectural relation at the type level, allowing static reasoning about about distribution and remote communication and guaranteeing static type safety across components. The compiler splits the multitier program into the component-specific code and automatically generates the communication boilerplate. Communication between components can be modeled by declaratively specifying data flows between components using reactive programming. In this paper, we report on the implementation of our design and our experience with embedding our language features into Scala as a host language. We show how a combination of Scala’s advanced type level programming and its macro system can be used to enrich the language with new abstractions. We comment on the challenges we encountered and the solutions we developed for our current implementation and outline suggestions for an improved macro system to support the such use cases of embedding of domain-specific abstractions.

      February 2020  Embedded Wireless Systems and Networks (EWSN) Conference

    Improving the Reliability of Bluetooth Low Energy Connections

    Michael Spörk, Jiska Classen, Carlo Alberto Boano, Matthias Hollick, Kay Römer

    PDF BibTeX

    Abstract
    o sustain a reliable data exchange, applications based on Bluetooth Low Energy (BLE) need to effectively blacklist channels and adapt the physical mode of an active connection at runtime. Although the BLE specification foresees the use of these two mechanisms, their implementation is left up to the radio vendors and has not been studied in detail yet. This paper fills this gap: we first investigate experimentally how to assess the quality of a BLE connection at runtime using information gathered from the radio. We then show how this information can be used to promptly blacklist poor channels and select a physical mode that sustains a high link-layer reliability while minimizing power consumption. We implement both mechanisms on two popular platforms and show experimentally that they allow to significantly improve the reliability of BLE connections, with a reduction in packet loss by up to 22 % compared to existing solutions.

      February 2020  Technische Universität Darmstadt Thesis

    Availability by Design: Practical Denial-of-Service-Resilient Distributed Wireless Networks

    Milan Stute

    PDF BibTeX DOI: 10.25534/tuprints-00011457

    Abstract
    Distributed wireless networks (DWNs) where devices communicate directly without relying on Internet infrastructure are on the rise, driving new applications and paradigms such as multimedia, authentication, payment, Internet of things (IoT), vehicular communication, and emergency response. However, the increased societal reliance on technology and the resulting “always-on” expectations of the users increase the risk of denial-of-service (DoS) attacks as they can leverage disruption in new ways beyond extortions (ransomware) that are common in today’s Internet ecosystem. These new risks extend to our physical world, directly impacting our daily lives, e.g., by being locked out of a smart home or by disrupting vehicular collision avoidance systems. As a research community, we need to protect those new applications that—as we find—can be mapped to a total of three distinct networking scopes: neighbor, island, and archipelago. In this thesis, we advance the field in each of these scopes. First, we analyze two proprietary neighbor communication protocols, Apple Wireless Direct Link (AWDL) and Apple AirDrop, that are deployed on more than 1.4 billion devices worldwide. During the process, we uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a machine-in-the-middle (MitM) attack on AirDrop, a DoS attack on AWDL preventing communication, and DoS attacks enabling crashing of neighboring devices. In addition, we found privacy leaks that enable user identification and long-term tracking. All attacks can be mounted using low-cost off-the-shelf hardware. In total, we disclose eight distinct vulnerabilities that we mitigate in collaboration with Apple. Second, we design and implement a new island communication protocol tailored to IoT scenarios, which provides provable protections against previously neglected risks such as wormhole- and replay-supported greyhole attacks. We support our analytical findings with testbed experiments. Third, we propose an archipelago-scope communication framework for emergencies that achieves resiliency against flooding and Sybil attacks. We evaluate our design using an original expert knowledge-based simulation that models human mobility during the aftermath of the 2013 Typhoon Haiyan in the Philippines. Finally, and to nourish future research, we provide a guide for analyzing Apple’s wireless ecosystem and publish several software artifacts, including an AWDL Wireshark dissector, open AWDL and AirDrop implementations, a prototype of our IoT communication protocol, and our natural disaster mobility model.

      2020  2020 CHI Conference on Human Factors in Computing Systems (CHI ‘20) Conference

    Podoportation: Foot-Based Locomotion in Virtual Reality

    Julius von Willich, Martin Schmitz, Florian Müller, Daniel Schmitt, Max Mühlhäuser

    BibTeX DOI: dx.10.1145/3313831.3376626

    Abstract
    Virtual Reality (VR) allows for infinitely large environments. However, the physical traversable space is always limited by real-world boundaries. This discrepancy between physical and virtual dimensions renders traditional locomotion methods used in real world unfeasible. To alleviate these limitations, research proposed various artificial locomotion concepts such as teleportation, treadmills, and redirected walking. However, these concepts occupy the user’s hands, require complex hardware or large physical spaces. In this paper, we contribute nine VR locomotion concepts for foot-based and hands-free locomotion, relying on the 3D position of the user’s feet and the pressure applied to the sole as input modalities. We evaluate our concepts and compare them to state-of-the-art point & teleport technique in a controlled experiment with 20 participants. The results confirm the viability of our approaches for hands-free and engaging locomotion. Further, based on the findings, we contribute a wireless hardware prototype implementation.

      2020  International Journal of Disaster Risk Reduction Article

    Empirical insights for designing Information and Communication Technology for International Disaster Response

    Milan Stute, Max Maass, Tom Schons, Marc-André Kaufhold, Christian Reuter, Matthias Hollick

    PDF BibTeX DOI: 10.25534/tuprints-00013309

    Abstract
    Due to the increase in natural disasters in the past years, Disaster Response Organizations (DROs) are faced with the challenge of coping with more and larger operations. Currently appointed Information and Communications Technology (ICT) used for coordination and communication is sometimes outdated and does not scale, while novel technologies have the potential to greatly improve disaster response efficiency. To allow adoption of these novel technologies, ICT system designers have to take into account the particular needs of DROs and characteristics of International Disaster Response (IDR). This work attempts to bring the humanitarian and ICT communities closer together. In this work, we analyze IDR-related documents and conduct expert interviews. Using open coding, we extract empirical insights and translate the peculiarities of DRO coordination and operation into tangible ICT design requirements. This information is based on interviews with active IDR staff as well as DRO guidelines and reports. Ultimately, the goal of this paper is to serve as a reference for future ICT research endeavors to support and increase the efficiency of IDR operations.

      January 2020  Information Processing & Management Article

    Rapid relevance classification of social media posts in disasters and emergencies: A system and evaluation featuring active, incremental and online learning

    Marc-André Kaufhold, Markus Bayer, Christian Reuter

    BibTeX DOI: 10.1016/j.ipm.2019.102132

    Abstract
    The research field of crisis informatics examines, amongst others, the potentials and barriers of social media use during disasters and emergencies. Social media allow emergency services to receive valuable information (e.g., eyewitness reports, pictures, or videos) from social media. However, the vast amount of data generated during large-scale incidents can lead to issue of information overload. Research indicates that supervised machine learning techniques are sui- table for identifying relevant messages and filter out irrelevant messages, thus mitigating in- formation overload. Still, they require a considerable amount of labeled data, clear criteria for relevance classification, a usable interface to facilitate the labeling process and a mechanism to rapidly deploy retrained classifiers. To overcome these issues, we present (1) a system for social media monitoring, analysis and relevance classification, (2) abstract and precise criteria for re- levance classification in social media during disasters and emergencies, (3) the evaluation of a well-performing Random Forest algorithm for relevance classification incorporating metadata from social media into a batch learning approach (e.g., 91.28%/89.19% accuracy, 98.3%/89.6% precision and 80.4%/87.5% recall with a fast training time with feature subset selection on the European floods/BASF SE incident datasets), as well as (4) an approach and preliminary eva- luation for relevance classification including active, incremental and online learning to reduce the amount of required labeled data and to correct misclassifications of the algorithm by feed- back classification. Using the latter approach, we achieved a well-performing classifier based on the European floods dataset by only requiring a quarter of labeled data compared to the tradi- tional batch learning approach. Despite a lesser effect on the BASF SE incident dataset, still a substantial improvement could be determined.

      2020  Disaster Research Days 2020 - Konferenzband Conference

    Politische Naturkatastrophen - Wie Ideologien den Umgang mit Hochwasser prägten

    Nadja Thiessen

    BibTeX

    Abstract
    Die Bewältigung von Krisen und Katastrophen weist stets auch eine politische Dimension auf. Exemplarisch lässt sich dies für das 20. Jahrhundert in Deutschland und den dortigen Umgang mit Flusshochwassern nachweisen. In den ausgewählten Fallstädten Mannheim und Dresden konnte zwar ein konstanter Bewältigungskreislauf im städtischen Hochwasserschutz identifiziert werden, wenn dieser jedoch in seinen historischen Kontext gesetzt wird, offenbaren sich Unterschiede. Sie können vor allem auf die verschiedenen politischen Rahmenbedingungen wie Staatsform und vorherrschende Ideologie zurückgeführt werden. Im folgenden Beitrag werden die Einflüsse historischer autoritärer Regime, insbesondere des Nationalsozialismus und der DDR, den demokratischen Systemen gegenübergestellt.

      2020  IEEE Internet of Things Journal Article

    LIDOR: A Lightweight DoS-Resilient Communication Protocol for Safety-Critical IoT Systems

    Milan Stute, Pranay Agarwal, Abhinav Kumar, Arash Asadi, Matthias Hollick

    PDF BibTeX DOI: 10.25534/tuprints-00013320

    Abstract
    IoT devices penetrate different aspects of our life including critical services, such as health monitoring, public safety, and autonomous driving. Such safety-critical IoT systems often consist of a large number of devices and need to withstand a vast range of known Denial-of-Service (DoS) network attacks to ensure a reliable operation while offering low-latency information dissemination. As the first solution to jointly achieve these goals, we propose LIDOR, a secure and lightweight multihop communication protocol designed to withstand all known variants of packet dropping attacks. Specifically, LIDOR relies on an end-to-end feedback mechanism to detect and react on unreliable links and draws solely on efficient symmetric-key cryptographic mechanisms to protect packets in transit. We show the overhead of LIDOR analytically and provide the proof of convergence for LIDOR which makes LIDOR resilient even to strong and hard-to-detect wormhole-supported grayhole attacks. In addition, we evaluate the performance via testbed experiments. The results indicate that LIDOR improves the reliability under DoS attacks by up to 91% and reduces network overhead by 32% compared to a state-of-the-art benchmark scheme.

      November 2019  ASE2019 Conference

    Automated Refactoring to Reactive Programming

    Mirco Köhler, Guido Salvaneschi

    PDF BibTeX DOI: 10.1109/ASE.2019.00082

    Abstract
    Reactive programming languages and libraries, such as ReactiveX, have been shown to significantly improve software design and have seen important industrial adoption over the last years. Asynchronous applications – which are notoriously error-prone to implement and to maintain – greatly benefit from reactive programming because they can be defined in a declarative style, which improves code clarity and extensibility. In this paper, we tackle the problem of refactoring existing code bases that are designed using traditional abstractions for asynchronous programming. We propose 2Rx, a refactoring tool to automatically convert asynchronous code to reactive programming. Our evaluation on top-starred GitHub projects shows that 2Rx is effective with the most common asynchronous constructs, covering ~94.7% of the projects with asynchronous computations, and it can provide a refactoring for ~91.7% of their occurrences.

      October 2019  13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH ’19) Conference

    Free Your CSI: A Channel State Information Extraction Platform For Modern Wi-Fi Chipsets

    Francesco Gringoli, Matthias Schulz, Jakob Link, Matthias Hollick

    PDF BibTeX DOI: 10.1145/3349623.3355477

    Abstract
    Modern wireless transmission systems heavily benefit from knowing the channel response. The evaluation of Channel State Information (CSI) during the reception of a frame preamble is fundamental to properly equalizing the rest of the transmission at the receiver side. Reporting this state information back to the transmitter facilitates mechanisms such as beamforming and MIMO, thus boosting the network performance. While these features are an integral part of standards such as 802.11ac, accessing CSI data on commercial devices is either not possible, limited to outdated chipsets or very inflexible. This hinders the research and development of innovative CSI-dependent techniques including localization, object tracking, and interference evaluation. To help researchers and practitioners, we introduce the nexmon CSI Extractor Tool. It allows per-frame CSI extraction for up to four spatial streams using up to four receive chains on modern Broadcom and Cypress Wi-Fi chips with up to 80MHz bandwidth in both the 2.4 and 5GHz bands. The tool supports devices ranging from the low-cost Raspberry Pi platform, over mobile platforms such as Nexus smartphones to state-of-the-art Wi-Fi APs. We release all tools and Wi-Fi firmware patches as extensible open source project. It includes our user-friendly smartphone application to demonstrate the CSI extraction capabilities in form of a waterfall diagram.

      October 2019  44th IEEE Conference on Local Computer Networks (LCN) Conference

    Multi-Strategy Simulation of Aerial Post-Disaster Ad Hoc Communication Support Systems

    Julian Zobel, Patrick Lieser, Ralf Steinmetz

    PDF BibTeX

    Abstract
    In case of destroyed or impaired infrastructure due to natural catastrophes, mobile devices such as smartphones can be used to create civilian ad hoc networks to provide basic means of communication. Due to the human behavior to form groups and cluster around significant locations in such situations, however, the network is often heavily intermittent, and thus, communication between clusters is impossible. Aerial Post-Disaster Ad Hoc Communication Support Systems can overcome the gaps between clusters, but the performance is highly dependent on factors like the applied strategy, the amount of UAVs, or their technical specifications. In this demonstration, we present different support strategies in an urban post-disaster scenario. Attendees can interact and select strategies and explore different strategy parameter settings, while observing the effect on the network performance and, additionally, gaining a comprehensive insight into the strategy behavior. The interaction with the demonstration underlines the vast amount of different settings and influence factors, an aerial system operator must take into account when selecting and adapting a strategy suitable for the current situation, as motivated in our accompanying main conference pape ZLD+19.

      October 2019  18th International Conference on Ad Hoc Networks and Wireless (ADHOC-NOW 2019) Conference

    DTN7: An Open-Source Disruption-tolerant Networking Implementation of Bundle Protocol 7

    Alvar Penning, Lars Baumgärtner, Jonas Höchst, Artur Sterz, Mira Mezini, Bernd Freisleben

    PDF BibTeX

    Abstract
    In disruption-tolerant networking (DTN), data is transmitted in a store-carry-forward fashion from network node to network node. In this paper, we present an open source DTN implementation, called DTN7, of the recently released Bundle Protocol Version 7 (draft version 13). DTN7 is written in Go and provides features like memory safety and concurrent execution. With its modular design and interchangeable components, DTN7 facilitates DTN research and application development. Furthermore, we present results of a comparative experimental evaluation of DTN7 and other DTN systems including Serval, IBR-DTN, and Forban. Our results indicate that DTN7 is a flexible and efficient open-source multi-platform implementation of the most recent Bundle Protocol Version 7.

      October 2019  44th IEEE Conference on Local Computer Networks (LCN 2019) Conference

    OPPLOAD: Offloading Computational Workflows in Opportunistic Networks

    Artur Sterz, Lars Baumgärtner, Jonas Höchst, Patrick Lampe, Bernd Freisleben

    BibTeX

    Abstract
    Computation offloading is often used in mobile cloud computing, edge computing, and/or fog computing to cope with resource limitations of mobile devices in terms of computational power, storage, and energy. Computation offloading is particularly challenging in situations where network connectivity is periodic, intermittent, or error-prone. In this paper, we present OPPLOAD, a novel framework designed for offloading computational workflows in opportunistic networks that provide support for communication in such situations. The individual tasks forming a workflow can be assigned to particular remote execution platforms, called workers, either preselected ahead of time or decided just in time where a matching worker will automatically be assigned for the next task in the workflow. Workers announce their capabilities, i.e., tasks are only assigned to capable workers. Furthermore, tasks of a workflow can be executed on multiple workers that are automatically selected to balance the overall load. OPPLOAD also offers the ability to handle several types of error and exceptions appropriately. Our Python implementation of OPPLOAD, which uses the Serval Mesh to handle networking and routing, is publicly available as open source software. The results of our experimental evaluation demonstrate the feasibility of our approach.

      October 2019  2019 IEEE Global Humanitarian Technology Conference (GHTC 2019) Conference

    Smart Street Lights and Mobile Citizen Apps for Resilient Communication in a Digital City

    Lars Baumgärtner, Jonas Höchst, Patrick Lampe, Ragnar Mogk, Artur Sterz, Pascal Weisenburger, Mira Mezini, Bernd Freisleben

    BibTeX

    Abstract
    Currently, nearly four billion people live in urban areas. Since this trend is increasing, natural disasters or terrorist attacks in such areas affect an increasing number of people. While information and communication technology is crucial for the operation of urban infrastructures and the well-being of its inhabitants, current technology is quite vulnerable to disruptions of various kinds. In future smart cities, a more resilient urban infrastructure is imperative to handle the increasing number of hazardous situations. We present a novel resilient communication approach based on smart street lights as part of the public infrastructure. It supports people in their everyday life and adapts its functionality to the challenges of emergency situations. Our approach relies on various environmental sensors and in-situ processing for automatic situation assessment, and a range of communication mechanisms (e.g., public WiFi hotspot functionality and mesh networking) for maintaining a communication network. Furthermore, resilience is not only achieved based on infrastructure deployed by a digital city’s municipality, but also based on integrating citizens through software that runs on their mobile devices (e.g., smartphones and tablets). Web-based zero-installation and platform-agnostic apps can switch to device-to-device communication to continue benefiting people even during a disaster situation. Our approach, featuring a covert channel for professional responders and the zero-installation app, is evaluated through a prototype implementation based on a commercially available street light.

      August 2019  2019 World Congress on Resilience, Reliability and Asset Management (WCRRAM) Conference

    The Emergency Responsive Digital City

    Matthias Hollick, Anne Hofmeister, Jens Ivo Engels, Bernd Freisleben, Gerrit Hornung, Anja Klein, Michèle Knodt, Imke Lorenz, Max Mühlhäuser, Peter F. Pelz, Annette Rudolph-Cleff, Ralf Steinmetz, Florian Steinke, Oskar von Stryk

    BibTeX

      2019  Proceedings of the ACM on Programming Languages Article

    Language-Integrated Privacy-Aware Distributed Queries

    Guido Salvaneschi, Mirko Köhler, Daniel Sokolowski, Philipp Haller, Sebastian Erdweg, Mira Mezini

    PDF BibTeX DOI: 10.25534/tuprints-00014553

    Abstract
    Distributed query processing is an effective means for processing large amounts of data. To abstract from the technicalities of distributed systems, algorithms for operator placement automatically distribute sequential data queries over the available processing units. However, current algorithms for operator placement focus on performance and ignore privacy concerns that arise when handling sensitive data. We present a new methodology for privacy-aware operator placement that both prevents leakage of sensitive information and improves performance. Crucially, our approach is based on an information-flow type system for data queries to reason about the sensitivity of query subcomputations. Our solution unfolds in two phases. First, placement space reduction generates deployment candidates based on privacy constraints using a syntax-directed transformation driven by the information-flow type system. Second, constraint solving selects the best placement among the candidates based on a cost model that maximizes performance. We verify that our algorithm preserves the sequential behavior of queries and prevents leakage of sensitive data. We implemented the type system and placement algorithm for a new query language SecQL and demonstrate significant performance improvements in benchmarks.

      2019  Proceedings of the ACM on Programming Languages Article

    A Fault-Tolerant Programming Model for Distributed Interactive Applications

    Ragnar Mogk, Joscha Drechsler, Guido Salvaneschi, Mira Mezini

    PDF BibTeX DOI: 10.25534/tuprints-00014554

    Abstract
    Ubiquitous connectivity of web, mobile, and IoT computing platforms has fostered a variety of distributed applications with decentralized state. These applications execute across multiple devices with varying reliability and connectivity. Unfortunately, there is no declarative fault-tolerant programming model for distributed interactive applications with an inherently decentralized system model. We present a novel approach to automating fault tolerance using high-level programming abstractions tailored to the needs of distributed interactive applications. Specifically, we propose a calculus that enables formal reasoning about applications’ dataflow within and across individual devices. Our calculus reinterprets the functional reactive programming model to seamlessly integrate its automated state change propagation with automated crash recovery of device-local dataflow and disconnection-tolerant distribution with guaranteed automated eventual consistency semantics based on conflict-free replicated datatypes. As a result, programmers are relieved of handling intricate details of distributing change propagation and coping with distribution failures in the presence of interactivity. We also provides proofs of our claims, an implementation of our calculus, and an empirical evaluation using a common interactive application.

    Policy Papers

    In our view, there is an urgent need to increase and sustain the resilience of current and future information and communication technology (ICT). We call ICT resilient if it can maintain an acceptable minimum or substitute functionality despite significant impairments and is equipped for a swift return to normal behaviour.
    Auch verfügbar unter emergencity.de/s/pp1.

    Download the paper

    Learn more

    The system of our critical infrastructures is becoming more complex and crisis-prone. Human or technical failure, natural disasters, pandemics, cyber or terrorist attacks can also lead to a supraregional power blackout in Germany that lasts longer than 24 hours.
    Auch verfügbar unter emergencity.de/s/pp2.

    Download the paper

    Learn more

    Software and Tools

    DTN7-go

    In disruption-tolerant networking (DTN), data is transmitted in a store-carry-forward fashion from network node to network node. We are presenting free and open source DTN implementations of the recently released Bundle Protocol Version 7. DTN7-go is written in Go and provides features like memory safety and concurrent execution.

    Source Code Project Website

    DTN7-rs

    Rust implementation of a daemon for DTN7 Bundle Protocol draft.

    Source Code Buschfunk Project

    OpenDrop

    OpenDrop is a command-line tool written in Python that allows sharing files between devices directly over Wi-Fi. Its unique feature is that it is protocol-compatible with Apple AirDrop which allows to share files with Apple devices running iOS and macOS.

    Source Code Python Package Project Website

    OWL

    Open Wireless Link (OWL) is an open implementation of the Apple Wireless Direct Link (AWDL) ad hoc protocol for Linux and macOS written in C.

    Source Code Project Website

    OpenHaystack

    OpenHaystack is a framework for tracking personal Bluetooth devices via Apple’s massive Find My network. Use it to create your own tracking tags that you can append to physical objects (keyrings, backpacks, …) or integrate it into other Bluetooth-capable devices such as notebooks.

    Source Code Project Website

    ChirPOTLE

    ChirpOTLE is a practical LoRaWAN security evaluation framework that provides tools for the deployment and management of a LoRa testbed based on COTS hardware. It allows managing LoRa field nodes from a central controller and to orchestrate experiments and tests using a Python 3 interface.

    Source Code Project Description

    AdapterHub

    “Adapter” refers to a set of newly introduced weights, typically within the layers of a transformer model. Adapters provide an alternative to fully fine-tuning the model for each downstream task, while maintaining performance.

    Project Website Demonstration

    SPARCODE

    We proposed SPARCODE, a community detection method that uses spectral partitioning based on estimating a robust and sparse graph model.

    Source Code

    image_projection

    image_projection is a ROS package to create various projections from multiple calibrated cameras.

    Source Code

    PrivateDrop

    We developed a solution named PrivateDrop to replace the flawed original AirDrop design. PrivateDrop is based on optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values.

    Source Code Project Website

    T-LARS

    Early-Terminated Forward Variable Selection algorithm computes the solution path of the Terminating-LARS (T-LARS) algorithm. The T-LARS algorithm is a major building block of the T-Rex selector (see R package ‘trex’).

    Source Code Project Website

    TRexSelector

    : High-Dimensional Variable Selection & FDR Control. Performs fast variable selection in high-dimensional settings while controlling the false discovery rate (FDR) at a user-defined target level.

    Source Code Project Website

    1-stage-wseg

    Single-stage semantic segmentation from image labels

    Source Code

    da-sac

    Self-supervised augmentation consistency for adapting semantic segmentation

    Source Code

    dense-ulern-vos

    Dense unsupervised learning for video segmentation

    Source Code