Sebastian N. Peters

Security Researcher and PhD Student  |  Industrial Cybersecurity
About Me

I am a security researcher at Fraunhofer AISEC and a PhD student at the Technical University of Munich (TUM) since April 2021. My research interests include authentication and trust establishment in industrial environments, secure device bootstrapping, and protocol security. I hold an M.Sc. degree from RWTH Aachen University, graduating with distinction (grade 1.2, top 10%) in Electrical Engineering, Information Technology and Computer Engineering, as well as a second M.Sc. degree in Management, Business and Economics. During my studies, I spent a semester abroad at the University of Auckland, New Zealand, where I focused on security and communication technology.

Publications
Leveraging BRSKI to Protect the Hardware Supply Chain of Operational Technology: Opportunities and Challenges
Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing, 2025-03-31 | Conference paper
Michael P. Heinl; Adrian Reuter; Sebastian N. Peters; Markus Bever
@inproceedings{10.1145/3672608.3707707,
author = {Heinl, Michael P. and Reuter, Adrian and Peters, Sebastian N. and Bever, Markus},
title = {Leveraging BRSKI to Protect the Hardware Supply Chain of Operational Technology: Opportunities and Challenges},
year = {2025},
isbn = {9798400706295},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3672608.3707707},
doi = {10.1145/3672608.3707707},
booktitle = {Proceedings of the 40th ACM/SIGAPP Symposium on Applied Computing},
pages = {245–254},
numpages = {10},
keywords = {hardware supply chain security, industrial security, PKI},
location = {Catania International Airport, Catania, Italy},
series = {SAC '25}}
The increase of interconnected Operational Technology (OT) devices leads to a need for scalable, yet secure onboarding to establish a trust relationship between a new device and its operator domain. The protocol Bootstrapping Remote Secure Key Infrastructure (BRSKI) is a promising candidate to automatically establish such trust relationships and secure the OT hardware supply chain, especially when used in combination with hardware-based cryptographic device identities. Although there is a reference implementation, BRSKI has not seen many real-world applications yet. We develop a testbed to investigate possible causes by analyzing the capabilities of the BRSKI reference implementation, optimizing specific aspects, and extending its functionality to utilize trusted platform modules protecting the device's identity. Subsequently, we assess if BRSKI can be used in conformity with IEC 62443. Our findings suggest that BRSKI provides promising opportunities to secure the OT hardware supply chain but also potential for improvement.
SoK: The Engineer’s Guide to Post-Quantum Cryptography for Embedded Devices
2024-08-30 | Preprint
Maximilian Pursche; Nikolai Puch; Sebastian N. Peters; Michael P. Heinl
@misc{cryptoeprint:2024/1345,
  author = {Maximilian Pursche and Nikolai Puch and Sebastian N. Peters and Michael P. Heinl},
  title = {{SoK}: The Engineer’s Guide to Post-Quantum Cryptography for Embedded Devices},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1345},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1345}}
Embedded systems are flexible and cost-effective and thus have found a use case in almost every part of our daily lives. Due to their widespread use, they have also become valuable targets for cyber attacks. However, translating cutting-edge cyber security from servers and desktops to the embedded realm can be challenging due to the limited computational power and memory of embedded devices. Although quantum computing is still in early research and development, it threatens to break conventional asymmetric cryptography which is a key component of most secure applications currently in use. Given the long lifespan of embedded devices, which can last for decades, research must find solutions for post-quantum (PQ) security rather sooner than later. The field of post-quantum cryptography (PQC) received significant attention in 2019 when the National Institute for Standards and Technology (NIST) launched a competition to find suitable PQC algorithms. During the PQC competition, the applicability of novel PQC algorithms to embedded devices was an important topic that garnered significant research interest. We provide a survey of the latest research regarding PQC for embedded systems. However, rather than focusing on PQC algorithms, our study revolves around practical use cases intending to help embedded developers understand the current state of research from an integration perspective.
Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety
Proceedings of the 19th International Conference on Availability, Reliability and Security, 2024-07-30 | Conference paper
Sebastian N. Peters and Nikolai Puch; Michael P. Heinl; Philipp Zieris; Mykolai Protsenko; Thorsten Larsen-Vefring; Marcel Ely Gomes; Aliza Maftun; Thomas Zeschg
@inproceedings{10.1145/3664476.3670940,
author = {Peters, Sebastian N. and Puch, Nikolai and Heinl, Michael P. and Zieris, Philipp and Protsenko, Mykolai 
and Larsen-Vefring, Thorsten and Ely Gomes, Marcel and Maftun, Aliza and Zeschg, Thomas},
title = {Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety},
year = {2024},
isbn = {9798400717185},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3664476.3670940},
doi = {10.1145/3664476.3670940},
booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
articleno = {150},
numpages = {9},
keywords = {Acknowledgment, Authenticity, Manual Reset, OT, Remote Operator, Safety via Security},
location = {Vienna, Austria},
series = {ARES '24}}
The increasing digitization of modern flexible manufacturing systems has opened up new possibilities for higher levels of automation, paving the way for innovative concepts such as Equipment-as-a-Service. Concurrently, remote access has gained traction, notably accelerated by the COVID-19 pandemic. While some areas of manufacturing have embraced these advancements, safety applications remain localized. This work aims to enable the remote reset of local safety events. To identify necessary requirements, we conducted expert workshops and analyzed relevant standards and regulations. These requirements serve as the foundation for a comprehensive security and safety concept, built around a secure gateway. It uses secure elements, crypto agility, PQC, and certificates for secure and authentic communication. To show its applicability, we implemented a prototype, which utilizes a gateway, cameras, and light barriers to monitor the danger zone of a robot and thus enable remote reset via the public Internet. The real-world limitations we faced were used to refine our requirements and concept iteratively. Ultimately, we present a secure and safe solution that enables the remote acknowledgment of safety-critical applications.
ParsEval: Evaluation of Parsing Behavior using Real-world Out-in-the-wild X.509 Certificates
Proceedings of the 19th International Conference on Availability, Reliability and Security, 2024-07-30 | Conference paper
Stefan Tatschner; Sebastian N. Peters; Michael P. Heinl; Tobias Specht; Thomas Newe
@inproceedings{10.1145/3664476.3669935,
author = {Tatschner, Stefan and Peters, Sebastian N. and Heinl, Michael P. and Specht, Tobias and Newe, Thomas},
title = {ParsEval: Evaluation of Parsing Behavior using Real-world Out-in-the-wild X.509 Certificates},
year = {2024},
isbn = {9798400717185},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3664476.3669935},
doi = {10.1145/3664476.3669935},
booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
articleno = {143},
numpages = {9},
keywords = {ASN.1, TLS libraries, X.509, conformity testing, digital certificates, parsing},
location = {Vienna, Austria},
series = {ARES '24}}
X.509 certificates play a crucial role in establishing secure communication over the internet by enabling authentication and data integrity. Equipped with a rich feature set, the X.509 standard is defined by multiple, comprehensive ISO/IEC documents. Due to its internet-wide usage, there are different implementations in multiple programming languages, leading to a large and fragmented ecosystem. This work addresses the research question “Are there user-visible and security-related differences between X.509 certificate parsers?”. Relevant libraries offering APIs for parsing X.509 certificates were investigated and an appropriate test suite was developed. From 34 libraries, 6 were chosen for further analysis. The X.509 parsing modules of the chosen libraries were called with 186,576,846 different certificates from a real-world dataset and the observed error codes were investigated. This study reveals an anomaly in wolfSSL’s X.509 parsing module and that there are fundamental differences in the ecosystem. While related studies nowadays mostly focus on fuzzing techniques resulting in artificial certificates, this study confirms that available X.509 parsing modules differ largely and yield different results, even for real-world out-in-the-wild certificates.
From Standard to Practice: Towards ISA/IEC 62443-conform Public Key Infrastructures
SAFECOMP 2023: Computer Safety, Reliability, and Security: 42nd International Conference, 2023-09-11 | Conference paper
Michael P. Heinl; Maximilian Pursche; Nikolai Puch; Sebastian N. Peters; Alexander Giehl
@inproceedings{10.1007/978-3-031-40923-3_15,
author = {Heinl, Michael P. and Pursche, Maximilian and Puch, Nikolai and Peters, Sebastian N. and Giehl, Alexander},
title = {From Standard to Practice: Towards ISA/IEC 62443-Conform Public Key Infrastructures},
year = {2023},
isbn = {978-3-031-40922-6},
publisher = {Springer-Verlag},
address = {Berlin, Heidelberg},
url = {https://doi.org/10.1007/978-3-031-40923-3_15},
doi = {10.1007/978-3-031-40923-3_15},
booktitle = {Computer Safety, Reliability, and Security: 42nd International Conference, SAFECOMP 2023, Toulouse, France, September 20–22, 2023, Proceedings},
pages = {196–210},
numpages = {15},
keywords = {PKI, ISA/IEC 62443, IACS, Security Engineering, Zero Trust},
location = {Toulouse, France}}
Public key infrastructures (PKIs) are a cornerstone for the security of modern information systems. They also offer a wide range of security mechanisms to industrial automation and control systems (IACS) and can represent an important building block for concepts like zero trust architectures and defense in depth. Hence, the ISA/IEC 62443 series of standards addresses the PKI paradigm, but there is little practical guidance on how to actually apply it to an IACS. This paper analyzes ISA/IEC 62443 for explicit and implicit requirements regarding PKI deployment to provide a guideline for developing and operating a standard-conform PKI. For this purpose, the analyzed requirements and IACS-specific constraints are combined with current research and best practices. To assess its viability, a tangible PKI use case is implemented in a test environment. The evaluation of this use case shows that common IACS components are capable of supporting PKI, but that important features are missing. For instance, the handling of PKI turns out to be time-consuming and involves many manual operations, a potential factor to render large-scale operations impractical at this point in time.
A Quic(k) Security Overview: A Literature Research on Implemented Security Recommendations
Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023-08-29 | Conference paper
Stefan Tatschner; Sebastian N. Peters; David Emeis; John Morris; Thomas Newe
@inproceedings{10.1145/3600160.3605164,
author = {Tatschner, Stefan and Peters, Sebastian N. and Emeis, David and Morris, John and Newe, Thomas},
title = {A Quic(k) Security Overview: A Literature Research on Implemented Security Recommendations},
year = {2023},
isbn = {9798400707728},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3600160.3605164},
doi = {10.1145/3600160.3605164},
booktitle = {Proceedings of the 18th International Conference on Availability, Reliability and Security},
articleno = {55},
numpages = {8},
keywords = {QUIC, RFC9000, security considerations, web},
location = {Benevento, Italy},
series = {ARES '23}}
Built on top of UDP, the relatively new QUIC protocol serves as the baseline for modern web protocol stacks. Equipped with a rich feature set, the protocol is defined by a 151-page IETF standard complemented by several additional documents. Enabling fast updates and feature iteration, most QUIC implementations are realized as user-space libraries, leading to a large and fragmented ecosystem. This work addresses the research question of whether a complex standard with a large number of different implementations leads to an insecure ecosystem. The relevant RFC documents were studied and “Security Consideration” items describing conceptual problems were extracted. During the research, 13 popular production-ready QUIC implementations were compared by evaluating 10 security considerations from RFC 9000. While related studies mostly focused on the functional part of QUIC, this study confirms that available QUIC implementations are not yet mature enough from a security point of view.
An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment
CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distribution, 2021-11-02 | Conference paper
Ömer Sen; Dennis van der Velde; Sebastian N. Peters; Martin Henze
@INPROCEEDINGS{9692463,
  author={Sen, Ö and van der Velde, D. and Peters, S. N. and Henze, M.},
  booktitle={CIRED 2021 - The 26th International Conference and Exhibition on Electricity Distribution}, 
  title={An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment}, 
  year={2021},
  volume={2021},
  number={},
  pages={1634-1638},
  keywords={},
  doi={10.1049/icp.2021.1632}}
While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyberattacks are paramount. However, due to the lack of publicly available attack data against Smart Grids (SGs) for countermeasure development, simulation-based data generation approaches offer the potential to provide the needed data foundation. Therefore, our proposed approach provides flexible and scalable replication of multi-staged cyber-attacks in an SG Co-Simulation Environment (COSE). The COSE consists of an energy grid simulator, simulators for Operation Technology (OT) devices, and a network emulator for realistic IT process networks. Focusing on defensive and offensive use cases in COSE, our simulated attacker can perform network scans, find vulnerabilities, exploit them, gain administrative privileges, and execute malicious commands on OT devices. As an exemplary countermeasure, we present a built-in Intrusion Detection System (IDS) that analyzes generated network traffic using anomaly detection with Machine Learning (ML) approaches. In this work, we provide an overview of the SG COSE, present a multi-stage attack model with the potential to disrupt grid operations, and show exemplary performance evaluations of the IDS in specific scenarios.
Towards a Graph-Based Approach for Mesh Healing for Blocky Objects with Self-Similarities
2018 International Conference on Image and Vision Computing New Zealand (IVCNZ), 2018-11-19 | Conference paper
Matthew Jones; Nicole Hippolite; Raj Patel; Sebastian Peters; Priyankit Singh; Chia-Yen Chen; Burkhard C. Wünsche
@INPROCEEDINGS{8634737,
  author={Jones, Matthew and Hippolite, Nicole and Patel, Rai and Peters, Sebastian and Singh, Priyankit and Chen, Chia-Yen and Wünsche, Burkhard C.},
  booktitle={2018 International Conference on Image and Vision Computing New Zealand (IVCNZ)}, 
  title={Towards a Graph-Based Approach for Mesh Healing for Blocky Objects with Self-Similarities}, 
  year={2018},
  volume={},
  number={},
  pages={1-6},
  doi={10.1109/IVCNZ.2018.8634737}}
3D digital models are used in a wide range of applications such as computer games, virtual reality, engineering and urban design. A common method to create 3D models is to create a point cloud using laser scanners, structured lighting sensors, or image-based modelling techniques, and from that construct a 3D mesh. The resulting meshes often exhibit unsatisfactory and erroneous mesh regions, e.g. due to inaccessible parts, reflective surfaces, and occlusion. In this paper we present a new approach for correcting erroneous mesh regions in blocky objects, such as buildings, using self-similarities. Our system uses a novel graph-based search technique where each node is a plane fitted to the model using RANSAC and edges are made between adjacent planes. This graph is used to find defects in a mesh by analysing the planes and neighbourhoods of all nodes in the point cloud. The system recognizes a hole in the mesh and fills it by copying matching patches from the same mesh. Regions of the mesh that must be replaced are found by a voting system where dissimilar nodes with a similar neighbourhood vote against each other. Our solution produces visually accurate models of blocky objects with holes and/or missing corners and edges. The approach currently only works for simple models and can only “heal” individual or connected faces, rather than complex holes. However, in contrast to existing solutions it works with noisy point clouds and does not require the construction of a polygonal model.
Whitepapers
VDMA Studie Industrial Security 2025
2025-04-01 | Industry Report
Maximilian Moser; Dr. Alexander Giehl; Sebastian Peters
@techreport{VDMA2025industrialsecurity,
  title       = {VDMA Studie Industrial Security 2025},
  author      = {Moser, Maximilian and Giehl, Alexander and Peters, Sebastian},
  institution = {VDMA, Fraunhofer AISEC},
  address     = {Lyoner Straße 18, 60528 Frankfurt am Main, Germany},
  year        = {2025},
  month       = {April},
  type        = {Report},
  note        = {With contributions from Fraunhofer Institute for Applied and Integrated Security AISEC},
  url         = {https://www.vdma.eu/documents/34570/4888559/Studie_Industrial+Strategy.pdf/269c9ab1-a5bd-243f-0724-765b7f80739c?t=1743001906199?filename=Studie_Industrial+Strategy.pdf}}
Supervised Theses
Master's thesis: Evaluation of Secure Zero Touch Provisioning for Industrial Bootstrapping
Type: Master's thesis
Author: Pedram Fardzadeh
Supervisors: Sebastian Peters, Adrian Reuter
Examiner: Prof. Dr. Claudia Eckert
Submission: 2025-07-07
Link: TUM SEC
Abstract: Industrial systems are increasingly exposed to cybersecurity threats due to growing connectivity and digital integration. A foundational element of securing these environments is a secure onboarding process, in which newly added devices must be authenticated and provisioned before they can safely participate in the network. The Secure Zero Touch Provisioning (SZTP) protocol, developed by the IETF, provides a standardized mechanism for automated and secure device onboarding without manual intervention. While already adopted in enterprise networking, its use in industrial settings has not been systematically evaluated. This thesis investigates the applicability of SZTP in the industrial context by analyzing current implementations, proposing deployment strategies, and conducting a compliance assessment based on the IEC 62443 standard. Our evaluation shows that SZTP is a potential candidate for industrial usage due to its flexible deployment and support for diverse onboarding data. However, effective adoption in industrial environments requires adaptations from both manufacturers and operators.
IDP: Unlocking Security: Vulnerabilities of Smart Locking Systems
Type: Inter-disciplinary project
Author: Alexander Wagner
Supervisors: Nikolai Puch, Sebastian Peters
Examiner: Prof. Dr. Georg Sigl
Submission: 2025-01-13
Link: TUM EISEC
Description:
Master's thesis: Dynamic and Automatic Validation of Security Mechanisms for QUIC
Type: Master's thesis
Author: Nguyen Truong An To
Supervisors: Sebastian Peters, Lukas Lautenschlager, Stefan Tatschner
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-12-17
Link: TUM SEC
Description: QUIC, a relatively new transport protocol, is designed to improve the shortcomings of the conventional TCP protocol by offering faster connection establishments with fewer RTTs and integrated security features. As QUIC gains traction, with numerous independent implementations and even production use, ensuring its reliability through robust security is critical. The security of QUIC is addressed in various works, including RFC 9000, which outlines critical security considerations. However, the diversity of QUIC implementations necessitates an automatic and dynamic security test suite to ensure consistent and comprehensive validation of security mechanisms across different QUIC versions. This master's thesis contributes to this need by analyzing three security considerations from RFC 9000 (namely, Amplification Attack, Optimistic ACK Attack, and Request Forgery Attacks) and proposing dynamic testing models specifically designed to validate these aspects. Each testing model consists of multiple test cases derived from the corresponding security consideration and relevant requirements detailed in RFC 9000, ensuring a thorough and rigorous validation of QUIC's security mechanisms. In addition to these models, the thesis provides a tool that implements them, providing a practical solution for the dynamic and automatic validation of QUIC's security mechanisms across various QUIC implementations. The development of this tool also provides a practical framework for enhancing the security and reliability of QUIC implementations, ensuring that they can be safely deployed in a wide range of network environments.
Master's thesis: Authenticated and fully distributed group key agreement for bus topologies
Type: Master's thesis
Author: Jason Lochert
Supervisors: Sebastian Peters, Lukas Lautenschlager, David Emeis
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-12-10
Link: TUM SEC
Description: Modern industrial machinery often requires various computer systems to communicate securely. Bus systems, such as Controller Area Network (CAN) and Automotive Ethernet, are utilized in many industrial contexts to network the devices. To guarantee the integrity and authenticity of messages sent on the bus, Message Authentication Codes (MACs) can be used. MACs can only be generated if a key is shared amongst all authentic devices on the bus. Hence, a Group Key Agreement (GKA) protocol is needed to share the key amongst the devices. This thesis aims to identify an authenticated and fully distributed Group Key Agreement protocol that is suitable for industrial use cases. Hence, the thesis begins by analyzing the requirements of an industrial user. These requirements are used to identify a suitable GKA protocol that can fulfill the requirements set by the use case. This thesis introduces IndusTreeal GKA, which is a scalable, dynamic, and distributed GKA based on TreeKEM. The protocol is not only able to provide Post-Compromise Security (PCS) and Forward Secrecy (FS), but also can prevent most attacks conducted by a Dolev Yao adversary. Furthermore, the protocol will take quantum-safety into account, providing both cryptographic agility and protection against Harvest Now Decrypt Later (HNDL) attacks. Due to the resource-constrained nature of most industrial machinery, the protocol’s communication, storage, and computational overheads are calculated. This analysis can be used to compare IndusTreeal GKA to other protocols.
Bachelor's thesis: Taxonomy and User Evaluation of Authentication Recovery Methods: Bridging Theory and Perception
Type: Bachelor's thesis
Author: Raphael Dabbert
Supervisors: Lukas Gehrke, Sebastian Peters
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-11-18
Link: TUM SEC
Abstract: Broken access control of authentication schemes is widely regarded as a cyber security issue [1]. Over the past years, organizations and individuals have introduced numerous new concepts and measures to enhance account security, including the wide adoption of two-factor authentication. However, users often overlook one critical aspect of authentication: the account recovery process. For this reason, we extend and refine the taxonomy of Bonneau [2], with a focus on recovery, and conducted a study to see how the recovery process is perceived from the perspective of the end user. We conducted an online survey with 163 participants, with questions focusing on authentication method knowledge, perceived security, and usability, as well as specific questions about their experience and ideas about the authentication recovery process. The highest perceived usability among participants is attributed to the fingerprint (mean = 5.43, SD = 0.97) and the face scan (mean = 5.45, SD = 0.89), rated on a scale of one to six (six being the most usable). Conversely, the lowest perceived usability is associated with a one-time password (OTP) delivered via letter (mean = 2.8, SD = 1.31). On the other hand, the highest perceived security was attributed to a hardware key (mean = 5.46, SD = 0.66). Our study found that 82% of users recovered at least one of their accounts last year and 66% more than once, showing the importance of the authentication recovery path. The most popular methods used to recover accounts use a second channel, either email or SMS; the methods are OTP (n = 92) or reset link via email (n = 66) and OTP via SMS (n = 57). The most requested recovery method by the participants is OTP via email (mean = 4.67), closely followed by OTP via SMS (mean = 4.63). Conversely, the least wanted method was OTP via letter. A majority of 71% of users express a preference for receiving notifications about account recovery.
In particular, among all participants, 56% prefer to be notified once per year, while 7% are open to receiving notifications up to four times per year. Users primarily choose recovery methods based on perceived usability and security, with usability being the strongest predictor (β = 0.52, p < 0.001), followed by security (β = 0.24, p < 0.01). A comparison of the taxonomy with our survey data in terms of usability and security revealed notable differences. Both values were normalized for analysis. For usability, the absolute difference showed a mean of 0.1 (SD = 0.08), while for perceived security, the absolute difference was slightly higher, with a mean of 0.15 (SD = 0.09). These results highlight the variances between the theoretical taxonomy and the user’s perceptions in practice. Overall, this research offers a taxonomy that can be used to evaluate the security and usability of authentication and recovery methods, providing an elaborated framework to evaluate and deploy them as service providers. The survey offers insights on how users deal with and want to use recovery procedures.
FP: Sicherheitsanalyse eines neuartigen Smart Metering-Systems
Type: Research project
Author: Julian Marchl
Supervisors: Simon Ott, Alexander Giehl, Sebastian Peters, Katharina Bogad
Examiner: Prof. Dr. Georg Sigl
Submission: 2024-05-06
Link: TUM EISEC
Description:
Master's thesis: Navigating the Risks: An Investigation into the Security of Location Services
Type: Master's thesis
Author: Michael Brunner
Supervisors: Nikolai Puch, Sebastian Peters
Examiner: Prof. Dr. Georg Sigl
Submission: 2024-05-02
Link: TUM EISEC
Description: Location services are relied on constantly nowadays. They have become increasingly important as a factor in security-relevant contexts, such as location tracking in car sharing. With recent geopolitical conflicts, attacks on satellite navigation become more common. Prior work already proved that Global Navigation Satellite System (GNSS) spoofing is possible. Therefore, a GNSS location cannot be trusted entirely. However, modern network-enabled devices do not solely rely on GNSS for positioning. Location computation is often done using different data sources instead. An example is Google’s proprietary Fused Location Provider (FLP) for Android as the recommended location provider, relying on a multitude of information like GNSS and network fingerprints. However, how these location sources are combined for the FLP and other similar fused positioning sources is usually a black box. This lack of information about the chosen location sources makes assessing the trustworthiness of the resulting position difficult. In this work, we develop a testbed to investigate location algorithms and shed light on the black box. The testbed supports spoofing of Global Positioning System (GPS) signals and operating custom GPRS and LTE networks. We successfully spoof the location of Android devices using our modified mobile networks. In addition, the custom cellular networks allow us to analyze mobile localization traffic. Using this setup, we test various mobile phones to dissect their location traffic and investigate their differences. Next to external location sources, these devices rely on Secure User Plane Location (SUPL) for location assistance on the User Plane. We show that the concrete configuration of SUPL differs between the different GNSS chip vendors. Furthermore, we confirm that unique traceable but encrypted user data is transmitted in those requests. 
Additionally, by providing Android phones with different spoofed location sources, we show the basic location selection process of the FLP. We conclude that due to the reliance on GNSS as a primary location authority, the location of Android phones is not trustworthy for safety-critical applications.
Guided Research: Post-Quantum Cryptography for Embedded Devices: A Systematic Literature Review and Practical Evaluation
Type: Guided Research
Author: Maximilian Pursche
Supervisors: Nikolai Puch, Sebastian Peters, Michael Heinl
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-03-31
Link: TUM SEC
Description: Embedded systems are flexible and diverse and thus have found a use case in almost every part of our daily lives. They are cost-effective and lightweight solutions for many applications and can serve their intended purpose for years in a single lifecycle. Due to their widespread use, they have also become valuable targets for cyberattacks. However, translating high-end cybersecurity from servers and desktops to the embedded realm can be challenging due to the limited computational power and memory of embedded devices. Although quantum computing is still in early research and development, it threatens to break conventional asymmetric cryptography which is the basis of most secure applications currently in use. Given the long lifespan of embedded devices, which can last for decades, research must find solutions for post-quantum (PQ) security sooner rather than later. The field of post-quantum cryptography (PQC) received significant attention in 2019 when the National Institute for Standards and Technology (NIST) launched a PQC competition to find suitable PQ algorithms. During the PQC competition, the applicability of novel PQ algorithms to embedded devices was an important topic that garnered significant research interest. This article provides a survey of the latest research regarding PQC application to embedded systems. However, rather than focusing on PQ algorithms, it focuses on use cases intending to help embedded developers understand the current state of research from an integration standpoint. The article begins by presenting the mathematical problems and algorithms leading the NIST competition. It follows by discussing PQ secure network transmission, authentic software execution, and secure updates. It aims to guide developers and integrators in securing their applications with the appropriate PQC solution.
Master's thesis: Towards Open and ISA/IEC 62443-conform Logging for OT Devices
Type: Master's thesis
Author: Hendrik Hagendorn
Supervisors: Michael Heinl, Sebastian Peters
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-03-15
Link: TUM SEC
Description: In the evolving landscape of Operational Technology (OT), the integration of robust logging mechanisms is paramount to maintaining compliance with industrial standards such as ISA/IEC 62443. This thesis presents an ISA/IEC 62443-compliant approach to enhance the security and standard conformance of logging mechanisms within OT environments. By leveraging insights from existing protocols, such as Profinet IO and syslog, alongside the implementation of innovative logging strategies, we address the unique challenges of logging in OT settings. These challenges include the integration of legacy systems, ensuring high availability, and maintaining the confidentiality and integrity of log data in real-time operational contexts. Our research analyzes current logging protocols and data structures, identifying gaps in their ability to meet the stringent requirements set forth by the ISA/IEC 62443 standards. We propose a logging concept that not only ensures compliance with these standards but also supports seamless integration with existing OT infrastructure. This concept includes the development of a secure and flexible logging framework that can be adapted to various OT devices and platforms. The framework emphasizes the importance of confidentiality, integrity, availability, and event correlation to aid in the detection and mitigation of security incidents. The practicality of this approach is demonstrated through the implementation of a testbed, showcasing the feasibility and effectiveness of our logging concept in real-world OT scenarios. Our findings reveal that a standards-compliant logging mechanism significantly enhances the security posture of OT systems, providing a robust foundation for the detection, analysis, and response to security threats. This research contributes to the body of knowledge in OT security, offering a comprehensive strategy for organizations to achieve and maintain compliance with ISA/IEC 62443 standards, thereby ensuring the safe and reliable operation of critical industrial systems.
Bachelor's thesis: Design and Implementation of a Testbed for Evaluating Usability of Authentication in OT
Type: Bachelor's thesis
Author: Fabian Blank
Supervisors: Sebastian Peters, Nikolai Puch
Examiner: Prof. Dr. Claudia Eckert
Submission: 2024-02-15
Link: TUM SEC
Description: User-to-machine authentication plays an essential role in ensuring the primary security goals of a system. It has been shown that adequate security measures must feel reasonable and usable to users. This work aims to provide a framework to effectively assess the usability and user acceptance of authentication factors in Operational Technology (OT). It describes users' perception of security measures and perceived usability. From this understanding, a testbed is conceptualized, implemented, and evaluated. The proposed testbed enables experiments in an OT environment while collecting metrics about the usability of the authentication factors used. Passwords, RFID cards, TOTPs, and facial recognition are implemented. The work introduces a holistic concept of usability testing and complements it with essential considerations for testing usability in OT. These considerations include Personal Protective Equipment (PPE) and other safety aspects, the time criticality of actions, and equipment age.
IDP: Integration of TPM in BRSKI
Type: Inter-disciplinary project
Author: Markus Bever
Supervisors: Sebastian Peters, Michael Heinl
Examiner: Prof. Dr. Georg Sigl
Submission: 2023-12-18
Link: TUM EISEC
Description:
Master's thesis: Authorization and Identity Management for Smart Factorys
Type: Master's thesis
Author: Tom Lin
Supervisors: Sebastian Peters, Nikolai Puch
Examiner: Prof. Dr. Claudia Eckert
Submission: 2023-10-23
Link: TUM SEC
Abstract: Smart factories achieve efficient and flexible production through interconnectivity and dynamicity. This new paradigm demands an efficient concept for managing different entities and their access rights. While mature concepts have been developed and adopted in IT environments, there is a lack thereof in OT environments. This work assesses existing concepts based on requirements derived from smart factory environments, IAM systems, and industrial standards such as IEC 62443. The need for a new access control model is identified based on an evaluation: existing models cannot adequately meet the demands of smart factories. In order to meet the requirements, an access control model is introduced that achieves continuous enforcement with a focus on scalability, speed, usability, and flexibility. A corresponding enforcement architecture is developed and prototypically implemented.
Bachelor's thesis: Security Engineering Process for Authentication and Lifecycle Management in OT
Type: Bachelor's thesis
Author: Maximilian-Emmanuel Zimmer
Supervisors: Sebastian Peters, Nikolai Puch
Examiner: Prof. Dr. Claudia Eckert
Submission: 2023-09-15
Link: TUM SEC
Description: Security engineering is an integral part of developing secure systems or components. However, identifying relevant security requirements is a challenging task. This holds even when standards and guidelines can be consulted. Extensive standards and guidelines may add an extra level of complexity, since their general structure first needs to be understood by the reader before relevant requirements can be extracted. This thesis aims to assist the requirements engineer, or anyone interested in security requirements, with identifying relevant requirements. This is done by introducing a process flow that extracts requirements from a set of standards or guidelines given a specific focus. The process brings the requirements into a functional form and associates them with extracted metadata.
IDP: Automotive radio analysis framework
Type: Inter-disciplinary project
Author: Michael Brunner
Supervisors: Nikolai Puch, Sebastian Peters
Examiner: Prof. Dr. Georg Sigl
Submission: 2023-07-03
Link: TUM EISEC
Description: Analysis Tool for Relay Attacks on Passive Keyless Entry Systems
Master's thesis: PKI-based Security for the IACS Supply Chain
Type: Master's thesis
Author: Adrian Reuter
Supervisors: Michael Heinl, Sebastian Peters
Examiner: Prof. Dr. Claudia Eckert
Submission: 2022-11-17
Link: TUM SEC
Abstract: As a consequence of the tremendous increase of interconnected devices deployed in the context of Industrial Automation and Control Systems (IACS) and the industrial Internet of Things, the need for scalable and yet secure onboarding procedures increases. A trust relationship between a new device and its operator domain can be seen as an essential prerequisite for secure deployment, even before a device receives a particular network or application layer configuration. Cryptographic device identities and trust anchors imprinted on devices form the basis for such a trust relationship. This thesis analyses the IEEE 802.1AR standard for secure device identifiers and the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol developed by the IETF ANIMA working group, and explores their suitability for providing a PKI-based security mechanism for the IACS supply chain. This thesis critically discusses central design choices for mapping the BRSKI architecture to the architecture of IACS and evaluates its conformity with recommendations given by ISA/IEC 62443. Subsequently, this thesis designs, implements, and evaluates a testbed which leverages BRSKI to establish locally significant identities on new devices and demonstrates the integration of BRSKI with an external domain PKI of an exemplary industrial operator. Our findings show that the BRSKI architecture can be successfully mapped to the architecture of IACS and allows for great scalability due to the high degree of automation of the secure bootstrapping process, without requiring human interaction. Moreover, our evaluation shows that BRSKI does not interfere with the strict availability requirement of industrial environments and can be operated in conformance with the security requirements defined in ISA/IEC 62443. This thesis concludes by discussing the process of device ownership verification and highlights the potential for outsourcing manufacturer-based authentication as a cloud service.
Master's thesis: Secure and Usable Multifactor Authentication in OT
Type: Master's thesis
Author: David Bonauer
Supervisors: Nikolai Puch, Sebastian Peters
Examiner: Prof. Dr. Claudia Eckert
Submission: 2022-09-15
Link: TUM SEC
Abstract: Multifactor Authentication has been a crucial part of securing authentication for years. For one sector, however, which includes most of our critical infrastructure, there exists little to no scientific work regarding this topic: Operational Technology, which has lagged behind the state of the art in this respect. In this work we study the causes that led to this situation and develop a new concept to implement Multifactor Authentication in a secure and usable way in this specific area. The method also describes how to analyze the setting in order to choose a fitting combination of factors. We base this selection on an analysis, evaluation, and comparison of possible factors regarding their security and usability. To create a holistic security approach, we expand the theory with the most important complementary security aspects as well as their interaction with the implementation. The theoretical concept is then applied to an industrial production line sample environment, for which multiple approaches and factors have been inspected, compared, and implemented.