@book{SchubaLinnhoffPopienReichletal.1996, author = {Schuba, Marko and Linnhoff-Popien, Claudia and Reichl, Peter and Schuba, Marko}, title = {Systemprogrammierung : Skript zur Vorlesung an der RWTH Aachen / Otto Spaniol ...}, publisher = {Verl. der Augustinus-Buchh.}, address = {Aachen}, isbn = {3-86073-470-9}, pages = {VIII, 166 S. : graph. Darst.}, year = {1996}, language = {de} } @book{SchubaSchubaReichletal.1998, author = {Schuba, Marko and Schuba, Marko and Reichl, Peter and Schneider, Gaby}, title = {Lokale Netze - Skript zur Vorlesung an der RWTH Aachen / Spaniol, Otto,}, publisher = {Mainz}, address = {Aachen}, isbn = {3-86073-721-X}, pages = {138 S. : graph. Darst.}, year = {1998}, language = {de} } @article{HulseboschGuentherHornetal.2004, author = {Hulsebosch, R. J. and G{\"u}nther, C. and Horn, C. and Holtmanns, S. and Howker, K. and Paterson, K. and Claessens, J. and Schuba, Marko}, title = {Pioneering Advanced Mobile Privacy and Security}, series = {Security for mobility}, journal = {Security for mobility}, editor = {Mitchell, Chris J.}, publisher = {Institution of Electrical Engineers}, address = {London}, isbn = {9781849190886}, doi = {10.1049/PBTE051E_ch}, pages = {383 -- 432}, year = {2004}, language = {en} } @article{SchubaGerstenbergerLahaije2004, author = {Schuba, Marko and Gerstenberger, Volker and Lahaije, Paul}, title = {Internet ID - Flexible Reuse of Mobile Phone Authentication Security for Service Access / Schuba, Marko ; Gerstenberger, Volker, ; Lahaije, Paul}, pages = {1 -- 7}, year = {2004}, language = {en} } @article{SchubaHermanns1994, author = {Schuba, Marko and Hermanns, Oliver}, title = {Modellierung von Multicastmechanismen zur Unterst{\"u}tzung von Gruppenkommunikation / Schuba, Marko ; Hermanns, Oliver}, series = {Neue Konzepte f{\"u}r die offene verteilte Verarbeitung : Tagungsband des 1. Arbeitstreffens an der RWTH Aachen, 5. September 1994 / Hrsg. des Bd.: Claudia Popien und Bernd Meyer}, journal = {Neue Konzepte f{\"u}r die offene verteilte Verarbeitung : Tagungsband des 1. Arbeitstreffens an der RWTH Aachen, 5. September 1994 / Hrsg. des Bd.: Claudia Popien und Bernd Meyer}, publisher = {Verl. der Augustinus-Buchh.}, address = {Aachen}, isbn = {3-86073-143-2}, pages = {137 -- 147}, year = {1994}, language = {de} } @book{SchubaSpaniolLinnhoffPopien1995, author = {Schuba, Marko and Spaniol, Otto and Linnhoff-Popien, Claudia}, title = {Rechnerstrukturen : Skript zur Vorlesung an der RWTH Aachen / Spaniol, Otto ; Linnhoff-Popien, Claudia ; Schuba, Marko}, publisher = {Verl. der Augustinus-Buchh.}, address = {Aachen}, isbn = {3-86073-147-5}, pages = {V, 134 S. : graph. Darst.}, year = {1995}, language = {de} } @article{SchubaHermanns1995, author = {Schuba, Marko and Hermanns, Oliver}, title = {Performance Investigations of the IP Multicast Architecture / Hermanns, Oliver ; Schuba, Marko}, series = {Performance of the IP Multicast Achitecture . Proceedings JENC 6. Proceedings of the 6th Joint European Networking Conference, Tel Aviv}, journal = {Performance of the IP Multicast Achitecture . Proceedings JENC 6. Proceedings of the 6th Joint European Networking Conference, Tel Aviv}, pages = {121-1 -- 121-8}, year = {1995}, language = {en} } @article{SchubaReichl1996, author = {Schuba, Marko and Reichl, Peter}, title = {How to Place Connectionless Servers in ATM Networks / Schuba, Marko ; Reichl, Peter}, series = {Proc. of Fourth IFIP Workshop on Performance Modelling and Evaluation of ATM Networks}, journal = {Proc. of Fourth IFIP Workshop on Performance Modelling and Evaluation of ATM Networks}, pages = {09/1 -- 09/10}, year = {1996}, language = {en} } @article{Schuba1999, author = {Schuba, Marko}, title = {Analyse der Antwortzeit von zuverl{\"a}ssigen Multicast-Protokollen im Internet}, series = {Multicast - Protokolle und Anwendungen : 20. - 21. Mai 1999, Braunschweig; 1. GI-Workshop / [Workshop-Leitung: Martina Zitterbart ...]}, journal = {Multicast - Protokolle und Anwendungen : 20. - 21. Mai 1999, Braunschweig; 1. GI-Workshop / [Workshop-Leitung: Martina Zitterbart ...]}, address = {Braunschweig}, pages = {1 -- 14}, year = {1999}, language = {en} } @article{Schuba1999, author = {Schuba, Marko}, title = {Performance Analysis of Reliable Multicast Mechanisms for Widely Spread Distributed Applications in the Internet}, series = {International Conference on Parallel and Distributed Processing Techniques and Applications : PDPTA '99 ; June 28 - July 1, 1999, Las Vegas, Nevada, USA / ed.: Hamid R. Arabnia}, journal = {International Conference on Parallel and Distributed Processing Techniques and Applications : PDPTA '99 ; June 28 - July 1, 1999, Las Vegas, Nevada, USA / ed.: Hamid R. Arabnia}, isbn = {1892512157}, pages = {1 -- 7}, year = {1999}, language = {en} } @book{Schuba1999, author = {Schuba, Marko}, title = {Skalierbare und zuverl{\"a}ssige Multicast-Kommunikation im Internet}, publisher = {Shaker}, address = {Aachen}, isbn = {3-8265-6289-5}, pages = {IV, 198 S. : graph. Darst.}, year = {1999}, language = {de} } @article{SchubaWrona1999, author = {Schuba, Marko and Wrona, Konrad}, title = {Electronic Commerce Transactions in a Wireless Environment / Schuba, Marko. ; Wrona, Konrad}, pages = {1 -- 9}, year = {1999}, language = {en} } @article{SchubaHaverkortSchneider2000, author = {Schuba, Marko and Haverkort, Boudewijn R. and Schneider, Gaby}, title = {Performance evaluation of multicast communication in packet-switched networks / Schuba, Marko ; Haverkort, Boudewijn R. ; Schneider, Gaby}, series = {Performance Evaluation. 39 (2000), H. 1-4}, journal = {Performance Evaluation. 39 (2000), H. 1-4}, isbn = {0166-5316}, pages = {61 -- 80}, year = {2000}, language = {en} } @article{SchubaWrona2000, author = {Schuba, Marko and Wrona, Konrad}, title = {Mobile Chip Electronic Commerce: Enabling Credit Card Payment for Mobile Devices / Schuba, Marko ; Wrona, Konrad}, pages = {1 -- 6}, year = {2000}, language = {en} } @article{SchubaWrona2001, author = {Schuba, Marko and Wrona, Konrad}, title = {Security for Mobile Commerce Applications / Schuba, Marko ; Wrona, Konrad}, pages = {1 -- 8}, year = {2001}, language = {en} } @article{SchubaWronaZavagli2001, author = {Schuba, Marko and Wrona, Konrad and Zavagli, Guido}, title = {Mobile Payments - State of the Art and Open Problems / Wrona, Konrad ; Schuba, Marko ; Zavagli, Guido}, series = {Electronic commerce : second international workshop ; proceedings / WELCOM 2001, Heidelberg, Germany, November 16-17, 2001. Ludger Fiege ... (ed.)}, journal = {Electronic commerce : second international workshop ; proceedings / WELCOM 2001, Heidelberg, Germany, November 16-17, 2001. Ludger Fiege ... (ed.)}, publisher = {Springer}, address = {Berlin}, isbn = {978-3-540-42878-7}, pages = {88 -- 100}, year = {2001}, language = {en} } @article{SchubaBusboomHerwonoetal.2002, author = {Schuba, Marko and Busboom, Axel and Herwono, Ian and Zavagli, Guido}, title = {Unambiguous Device Identification and Fast Connection Setup in Bluetooth / Busboom, Axel ; Herwono, Ian ; Schuba, Marko ; Zavagli, Guido}, series = {European wireless 2002 : next generation wireless networks: technologies, protocols, services and applications ; technical sessions: 26 - 28 February 2002, tutorials: 25 February 2002, Centro Affari, Florence, Italy ; proceedings / sponsored by EUREL ... General chair: Luciano Lenzini}, journal = {European wireless 2002 : next generation wireless networks: technologies, protocols, services and applications ; technical sessions: 26 - 28 February 2002, tutorials: 25 February 2002, Centro Affari, Florence, Italy ; proceedings / sponsored by EUREL ... General chair: Luciano Lenzini}, pages = {1 -- 5}, year = {2002}, language = {en} } @article{ClaessensFuchsbergerGuentheretal.2003, author = {Claessens, J. and Fuchsberger, A. and G{\"u}nther, C. and Horn, G. and Howker, K. and Hulsebosch, R.J. and Mitchell, C. and Paterson, K. and Preneel, B. and Schellekens, D. and Schuba, Marko}, title = {Pioneering Advanced Mobile Privacy and Security}, pages = {1 -- 17}, year = {2003}, language = {en} } @article{Schuba1997, author = {Schuba, Marko}, title = {A Performance Evaluation of Connectionless Overlay Networks for ATM}, series = {INFOCOM ´97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings Vol. 1}, journal = {INFOCOM ´97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings Vol. 1}, isbn = {0-8186-7780-5}, pages = {152 -- 158}, year = {1997}, language = {en} } @article{SchubaReichlHoff1997, author = {Schuba, Marko and Reichl, Peter and Hoff, Simon}, title = {How to Model Complex Periodic Traffic with TES / Reichl, Peter ; Schuba, Marko ; Hoff, Simon}, series = {Proc. of 13th United Kingdom Workshop on Performance Engineering, Edinburgh, UK, July 1997}, journal = {Proc. of 13th United Kingdom Workshop on Performance Engineering, Edinburgh, UK, July 1997}, pages = {17/1 -- 17/11}, year = {1997}, language = {en} } @article{SchubaReichl1998, author = {Schuba, Marko and Reichl, Peter}, title = {On large-scale reliable multicast protocols / Schuba, M. ; Reichl, P.}, series = {6th IEE Conference on Telecommunications}, journal = {6th IEE Conference on Telecommunications}, isbn = {0-85296-700-4}, pages = {133 -- 137}, year = {1998}, language = {en} } @article{SchubaReichl1998, author = {Schuba, Marko and Reichl, Peter}, title = {An Analysis of Retransmission Strategies for Reliable Multicast Protocols / Schuba, M. ; Reichl, P.}, series = {Performance of information and communication systems : IFIP TC 6,WG 6.3 Seventh International Conference on Performance of Information and Communication Systems (PICS '98), 25 - 28 May, Lund, Sweden / ed. by Ulf K{\"o}rner ...}, journal = {Performance of information and communication systems : IFIP TC 6,WG 6.3 Seventh International Conference on Performance of Information and Communication Systems (PICS '98), 25 - 28 May, Lund, Sweden / ed. by Ulf K{\"o}rner ...}, publisher = {Chapman Hall}, address = {London}, isbn = {0-412-83730-7}, pages = {1 -- 12}, year = {1998}, language = {en} } @article{Schuba1998, author = {Schuba, Marko}, title = {SRMT-a scalable and reliable multicast transport protocol}, series = {IEEE International Conference on Communications, 1998. ICC 98. Vol. 1}, journal = {IEEE International Conference on Communications, 1998. ICC 98. Vol. 1}, isbn = {0-7803-4788-9}, pages = {612 -- 616}, year = {1998}, language = {en} } @article{SchubaSchneiderHaverkort1998, author = {Schuba, Marko and Schneider, Gaby and Haverkort, Boudewijn R.}, title = {QNA-MC: A Performance Evaluation Tool for Communication Networks with Multicast Data Streams / Schneider, G. ; Schuba, M. ; Haverkort, B. R.}, series = {Computer Performance Evaluation - Modelling Techniques and Tools / Puigjaner, Ramon (eds.)}, journal = {Computer Performance Evaluation - Modelling Techniques and Tools / Puigjaner, Ramon (eds.)}, publisher = {Springer}, address = {Berlin}, isbn = {3-540-64949-2}, pages = {105 -- 116}, year = {1998}, language = {en} } @article{SchubaSpaniol1999, author = {Schuba, Marko and Spaniol, Otto}, title = {Interconnection of Local Area Networks via ATM / Spaniol, Otto ; Schuba, Marko}, series = {High performance networks for multimedia applications / edited by Andr{\´e} Danthine ...}, journal = {High performance networks for multimedia applications / edited by Andr{\´e} Danthine ...}, publisher = {Kluwer Academic Publ.}, address = {Dordrecht}, isbn = {0-7923-8274-9}, pages = {1 -- 10}, year = {1999}, language = {en} } @article{SchubaReichlKesdoganetal.1998, author = {Schuba, Marko and Reichl, Peter and Kesdogan, Dogan and Jungh{\"a}rtchen, Klaus}, title = {Simulative Performance Evaluation of the Temporary Pseudonym Method for Protecting Location Information in GSM Networks / Reichl, P. ; Kesdogan, D. ; Jungh{\"a}rtchen, K. ; Schuba, M.}, series = {Computer Performance Evaluation - Modelling Techniques and Tools / Puigjaner, Ramon (eds.)}, journal = {Computer Performance Evaluation - Modelling Techniques and Tools / Puigjaner, Ramon (eds.)}, publisher = {Springer}, address = {Berlin}, isbn = {3-540-64949-2}, pages = {105 -- 116}, year = {1998}, language = {en} } @article{Schuba1999, author = {Schuba, Marko}, title = {Analysis of Feedback Error Control Schemes for Block Based Video Communication / Meggers, Jens ; Schuba, Marko}, year = {1999}, language = {en} } @article{MausHoefkenSchuba2011, author = {Maus, Stefan and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Forensic Analysis of Geodata in Android Smartphones}, pages = {1 -- 11}, year = {2011}, language = {en} } @article{SchaeferHoefkenSchuba2011, author = {Schaefer, Thomas and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Windows Phone 7 from a Digital Forensics' Perspective}, publisher = {Springer}, address = {Berlin}, year = {2011}, language = {en} } @article{SchubaHoefkenSchaefer2012, author = {Schuba, Marko and H{\"o}fken, H. and Schaefer, T.}, title = {Smartphone Forensik}, series = {Hakin9 : Practical Protection (2012)}, journal = {Hakin9 : Practical Protection (2012)}, publisher = {-}, isbn = {1733-7186}, pages = {10 -- 20}, year = {2012}, language = {de} } @inproceedings{LogenHoefkenSchuba2012, author = {Logen, Steffen and H{\"o}fken, Hans and Schuba, Marko}, title = {Simplifying RAM Forensics : A GUI and Extensions for the Volatility Framework}, series = {2012 Seventh International Conference on Availability, Reliability and Security (ARES), 20-24 August 2012, Prague, Czech Republic}, booktitle = {2012 Seventh International Conference on Availability, Reliability and Security (ARES), 20-24 August 2012, Prague, Czech Republic}, publisher = {IEEE}, address = {New York}, isbn = {978-1-4673-2244-7}, doi = {10.1109/ARES.2012.12}, pages = {620 -- 624}, year = {2012}, abstract = {The Volatility Framework is a collection of tools for the analysis of computer RAM. The framework offers a multitude of analysis options and is used by many investigators worldwide. Volatility currently comes with a command line interface only, which might be a hinderer for some investigators to use the tool. In this paper we present a GUI and extensions for the Volatility Framework, which on the one hand simplify the usage of the tool and on the other hand offer additional functionality like storage of results in a database, shortcuts for long Volatility Framework command sequences, and entirely new commands based on correlation of data stored in the database.}, language = {en} } @article{SchubaHoefken2012, author = {Schuba, Marko and H{\"o}fken, Hans}, title = {Backtrack5: Datensammlung und Reporterstellung f{\"u}r Pentester mit MagicTree / H{\"o}fken, Hans ; Schuba, Marko}, series = {Hakin9. 73 (2012), H. 3}, journal = {Hakin9. 73 (2012), H. 3}, publisher = {-}, isbn = {1733-7186}, pages = {12 -- 16}, year = {2012}, language = {de} } @inproceedings{SchuetzBreuerHoefkenetal.2013, author = {Sch{\"u}tz, P. and Breuer, M. and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Malware proof on mobile phone exhibits based on GSM/GPRS traces}, series = {The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec 2013) : 04.03. - 06.03.2013, Kuala Lumpur, Malaysia}, booktitle = {The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec 2013) : 04.03. - 06.03.2013, Kuala Lumpur, Malaysia}, publisher = {The Society of Digital Information and Wireless Communication}, isbn = {978-0-9853483-7-3}, pages = {89 -- 96}, year = {2013}, language = {en} } @inproceedings{StoebeHoefkenSchubaetal.2013, author = {St{\"o}be, Rolf and H{\"o}fken, Hans-Wilhelm and Schuba, Marko and Breuer, Michael}, title = {Artificial ageing of mobile devices using a simulated GSM/GPRS network}, series = {Eighth International Conference on Availability, Reliability and Security (ARES) : 2-6 Sept. 2013, Regensburg}, booktitle = {Eighth International Conference on Availability, Reliability and Security (ARES) : 2-6 Sept. 2013, Regensburg}, publisher = {IEEE}, pages = {493 -- 497}, year = {2013}, language = {en} } @inproceedings{HartungHillgaertnerSchmitzetal.2014, author = {Hartung, Frank and Hillg{\"a}rtner, Michael and Schmitz, G{\"u}nter and Schuba, Marko and Adolphs, Fabian and Hoffend, Jens and Theis, Jochen}, title = {IT-Sicherheit im Automobil}, series = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)}, booktitle = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)}, publisher = {VDE-Verl.}, address = {Berlin}, organization = {VDE/VDI-Gesellschaft Mikroelektronik, Mikrosystem- und Feinwerktechnik (GMM)}, isbn = {978-3-8007-3580-8}, pages = {CD-ROM}, year = {2014}, language = {de} } @inproceedings{BonneyHoefkenPaffenetal.2015, author = {Bonney, Gregor and H{\"o}fken, Hans-Wilhelm and Paffen, Benedikt and Schuba, Marko}, title = {ICS/SCADA Security - Analysis of a Beckhoff CX5020 PLC}, series = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015}, booktitle = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015}, organization = {International Conference on Information Systems Security and Privacy <1, 2015, Angers>}, pages = {1 -- 6}, year = {2015}, language = {en} } @inproceedings{LindenlaufHoefkenSchuba2015, author = {Lindenlauf, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Cold Boot Attacks on DDR2 and DDR3 SDRAM}, series = {10th International Conference on Availability, Reliability and Security (ARES) 2015}, booktitle = {10th International Conference on Availability, Reliability and Security (ARES) 2015}, doi = {10.1109/ARES.2015.28}, pages = {287 -- 292}, year = {2015}, language = {en} } @book{GalleyMinoggioSchubaetal.2016, author = {Galley, Birgit and Minoggio, Ingo and Schuba, Marko and Bischoff, Barbara and H{\"o}fken, Hans-Wilhelm}, title = {Unternehmenseigene Ermittlungen : Recht - Kriminalistik - IT}, publisher = {Erich Schmidt Verlag}, address = {Berlin}, isbn = {978-3-503-16531-5}, pages = {XIII, 372 S.}, year = {2016}, language = {de} } @inproceedings{BraunHoefkenSchubaetal.2015, author = {Braun, Sebastian and H{\"o}fken, Hans-Wilhelm and Schuba, Marko and Breuer, Michael}, title = {Forensische Sicherung von DSLRoutern}, series = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015}, booktitle = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015}, pages = {11 S.}, year = {2015}, language = {de} } @inproceedings{BeckerHoefkenSchuetzetal.2016, author = {Becker, Sebastian and H{\"o}fken, Hans-Wilhelm and Sch{\"u}tz, Philip and Schuba, Marko}, title = {IT-forensische Erkennung modifizierter Android-Apps}, series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016}, booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016}, editor = {Schartner, P.}, pages = {120 -- 125}, year = {2016}, abstract = {Malware auf Smartphones ist ein Problem, dem auch Strafverfolgungsbeh{\"o}rden immer h{\"a}ufiger gegen{\"u}berstehen. Insbesondere Telefone, bei denen potentiell schadhafte Apps zu einem finanziellen Schaden gef{\"u}hrt haben, finden sich auf den Schreibtischen der Polizei wieder. Dabei m{\"u}ssen die Ermittler m{\"o}glichst schnell und gezielt erkennen k{\"o}nnen, ob eine App tats{\"a}chlich schadhaft manipuliert wurde, was manipuliert wurde und mit wem die App kommuniziert. Klassische Malware-Erkennungsverfahren helfen zwar bei der generellen Erkennung schadhafter Software, sind aber f{\"u}r die polizeiliche Praxis nicht geeignet. Dieses Paper stellt ein Programm vor, welches gerade die forensischen Fragestellungen ber{\"u}cksichtigt und so f{\"u}r den Einsatz in der Strafverfolgung in Frage kommt.}, language = {de} } @inproceedings{BonneyNagelSchuba2016, author = {Bonney, Gregor and Nagel, Stefan and Schuba, Marko}, title = {Risiko Smart Home - Angriff auf ein Babymonitorsystem}, series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016}, booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016}, editor = {Schartner, P.}, pages = {371 -- 378}, year = {2016}, abstract = {Unser Zuhause wird zunehmend intelligenter. Smart Homes bieten uns die Steuerung von Haus- oder Unterhaltungstechnik bequem vom Smartphone aus. Junge Familien nutzen die Technologie, um mittels vernetzten Babymonitorsystemen ihren Nachwuchs von {\"u}berall aus im Blick zu haben. Davon auszugehen, dass solche Systeme mit einem Fokus auf Sicherheit entwickelt wurden, um die sehr pers{\"o}nlichen Daten zu sch{\"u}tzen, ist jedoch ein Trugschluss. Die Untersuchung eines handels{\"u}blichen und keineswegs billigen Systems zeigt, dass die Ger{\"a}te sehr einfach kompromittiert und missbraucht werden k{\"o}nnen.}, language = {de} } @article{KoenigVoelkerWolfetal.2016, author = {K{\"o}nig, Johannes Alexander and V{\"o}lker, Veronika and Wolf, Martin and Schuba, Marko}, title = {Gamified Hacking Offence Simulation-based Training (GHOST)}, series = {Crisis Prevention}, volume = {2016}, journal = {Crisis Prevention}, number = {3}, publisher = {Beta}, address = {Bonn}, pages = {44 -- 46}, year = {2016}, language = {de} } @inproceedings{BroennerHoefkenSchuba2016, author = {Broenner, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Streamlining extraction and analysis of android RAM images}, series = {Proceedings of the 2nd international conference on information systems security and privacy}, booktitle = {Proceedings of the 2nd international conference on information systems security and privacy}, organization = {ICISSP International Conference on Information Systems Security and Privacy <2, 2016, Rome, Italy>}, isbn = {978-989-758-167-0}, doi = {10.5220/0005652802550264}, pages = {255 -- 264}, year = {2016}, language = {en} } @inproceedings{GranatHoefkenSchuba2017, author = {Granat, Andreas and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Intrusion Detection of the ICS Protocol EtherCAT}, pages = {1 -- 5}, year = {2017}, abstract = {Control mechanisms like Industrial Controls Systems (ICS) and its subgroup SCADA (Supervisory Control and Data Acquisition) are a prerequisite to automate industrial processes. While protection of ICS on process management level is relatively straightforward - well known office IT security mechanisms can be used - protection on field bus level is harder to achieve as there are real-time and production requirements like 24x7 to consider. One option to improve security on field bus level is to introduce controls that help to detect and to react on attacks. This paper introduces an initial set of intrusion detection mechanisms for the field bus protocol EtherCAT. To this end existing Ethernet attack vectors including packet injection and man-in-the-middle attacks are tested in an EtherCAT environment, where they could interrupt the EtherCAT network and may even cause physical damage. Based on the signatures of such attacks, a preprocessor and new rule options are defined for the open source intrusion detection system Snort demonstrating the general feasibility of intrusion detection on field bus level.}, language = {en} } @inproceedings{SchwankeHoefkenSchuba2017, author = {Schwanke, Peter and H{\"o}fken, Hans-Wilhelm and Schuba, Marko}, title = {Security Analysis of the ADS Protocol of a Beckhoff CX2020 PLC}, pages = {1 -- 5}, year = {2017}, abstract = {ICSs (Industrial Control Systems) and its subset SCADA systems (Supervisory Control and Data Acquisition) are getting exposed to a constant stream of new threats. The increasing importance of IT security in ICS requires viable methods to assess the security of ICS, its individual components, and its protocols. This paper presents a security analysis with focus on the communication protocols of a single PLC (Programmable Logic Controller). The PLC, a Beckhoff CX2020, is examined and new vulnerabilities of the system are revealed. Based on these findings recommendations are made to improve security of the Beckhoff system and its protocols.}, language = {en} } @inproceedings{SerrorHenzeHacketal.2018, author = {Serror, Martin and Henze, Martin and Hack, Sacha and Schuba, Marko and Wehrle, Klaus}, title = {Towards in-network security for smart homes}, series = {13th International Conference on Availability, Reliability and Security, ARES 2018; Hamburg; Germany; 27 August 2018 through 30 August 2018}, booktitle = {13th International Conference on Availability, Reliability and Security, ARES 2018; Hamburg; Germany; 27 August 2018 through 30 August 2018}, isbn = {978-145036448-5}, doi = {10.1145/3230833.3232802}, pages = {Article numer 3232802}, year = {2018}, language = {en} } @article{SerrorHackHenzeetal.2021, author = {Serror, Martin and Hack, Sacha and Henze, Martin and Schuba, Marko and Wehrle, Klaus}, title = {Challenges and Opportunities in Securing the Industrial Internet of Things}, series = {IEEE Transactions on Industrial Informatics}, volume = {17}, journal = {IEEE Transactions on Industrial Informatics}, number = {5}, publisher = {IEEE}, address = {New York}, issn = {1941-0050}, doi = {10.1109/TII.2020.3023507}, pages = {2985 -- 2996}, year = {2021}, language = {en} } @incollection{SchubaHoefken2022, author = {Schuba, Marko and H{\"o}fken, Hans-Wilhelm}, title = {Cybersicherheit in Produktion, Automotive und intelligenten Geb{\"a}uden}, series = {IT-Sicherheit - Technologien und Best Practices f{\"u}r die Umsetzung im Unternehmen}, booktitle = {IT-Sicherheit - Technologien und Best Practices f{\"u}r die Umsetzung im Unternehmen}, publisher = {Carl Hanser Verlag}, address = {M{\"u}nchen}, isbn = {978-3-446-47223-5}, doi = {10.3139/9783446473478.012}, pages = {193 -- 218}, year = {2022}, language = {de} } @incollection{EnglaenderKaminskiSchuba2022, author = {Engl{\"a}nder, Jacques and Kaminski, Lars and Schuba, Marko}, title = {Informationssicherheitsmanagement}, series = {Digitalisierungs- und Informationsmanagement}, booktitle = {Digitalisierungs- und Informationsmanagement}, publisher = {Springer Vieweg}, address = {Berlin}, isbn = {978-3-662-63757-9}, doi = {10.1007/978-3-662-63758-6_15}, pages = {373 -- 398}, year = {2022}, abstract = {Daten und Informationen sind die wichtigsten Ressourcen vieler Unternehmen und m{\"u}ssen daher entsprechend gesch{\"u}tzt werden. Getrieben durch die erh{\"o}hte Vernetzung von Informationstechnologie, die h{\"o}here Offenheit infolge datengetriebener Dienstleistungen und eine starke Zunahme an Datenquellen, r{\"u}cken die Gefahren von Informationsdiebstahl, -manipulation und -verlust in den Fokus von produzierenden Unternehmen. Auf dem Weg zum lern- und wandlungsf{\"a}higen Unternehmen kann dies zu einem großen Hindernis werden, da einerseits zu hohe Sicherheitsanforderungen neue Entwicklungen beschr{\"a}nken, andererseits wegen des Mangels an ausreichenden Informationssicherheitskonzepten Unternehmen weniger Innovationen wagen. Deshalb bedarf es individuell angepasster Konzepte f{\"u}r die Bereiche IT-Security, IT-Safety und Datenschutz f{\"u}r vernetzte Produkte, Produktion und Arbeitspl{\"a}tze. Bei der Entwicklung und Durchsetzung dieser Konzepte steht der Faktor Mensch im Zentrum aller {\"U}berlegungen. In diesem Kapitel wird dargestellt, wie der Faktor Mensch bei der Erstellung von Informationssicherheitskonzepten in verschiedenen Phasen zu beachten ist. Beginnend mit der Integration von Informationssystemen und damit verbundenen Sicherheitsmaßnahmen, {\"u}ber die Administration, bis hin zur Anwendung durch den Endnutzer, werden Methoden beschrieben, die den Menschen, verbunden mit seinem Mehrwert wie auch den Risiken, einschließen. Dabei werden sowohl Grundlagen aufgezeigt als auch Konzepte vorgestellt, mit denen Entscheider in der Unternehmens-IT Leitlinien f{\"u}r die Informationssicherheit festlegen k{\"o}nnen.}, language = {de} } @inproceedings{SchubaHoefkenLinzbach2022, author = {Schuba, Marko and H{\"o}fken, Hans-Wilhelm and Linzbach, Sophie}, title = {An ICS Honeynet for Detecting and Analyzing Cyberattacks in Industrial Plants}, series = {2021 International Conference on Electrical, Computer and Energy Technologies (ICECET)}, booktitle = {2021 International Conference on Electrical, Computer and Energy Technologies (ICECET)}, publisher = {IEEE}, isbn = {978-1-6654-4231-2}, doi = {10.1109/ICECET52533.2021.9698746}, pages = {6 Seiten}, year = {2022}, abstract = {Cybersecurity of Industrial Control Systems (ICS) is an important issue, as ICS incidents may have a direct impact on safety of people or the environment. At the same time the awareness and knowledge about cybersecurity, particularly in the context of ICS, is alarmingly low. Industrial honeypots offer a cheap and easy to implement way to raise cybersecurity awareness and to educate ICS staff about typical attack patterns. When integrated in a productive network, industrial honeypots may not only reveal attackers early but may also distract them from the actual important systems of the network. Implementing multiple honeypots as a honeynet, the systems can be used to emulate or simulate a whole Industrial Control System. This paper describes a network of honeypots emulating HTTP, SNMP, S7communication and the Modbus protocol using Conpot, IMUNES and SNAP7. The nodes mimic SIMATIC S7 programmable logic controllers (PLCs) which are widely used across the globe. The deployed honeypots' features will be compared with the features of real SIMATIC S7 PLCs. Furthermore, the honeynet has been made publicly available for ten days and occurring cyberattacks have been analyzed}, language = {en} } @inproceedings{ChristianMontagSchubaetal.2018, author = {Christian, Esser and Montag, Tim and Schuba, Marko and Allhof, Manuel}, title = {Future critical infrastructure and security - cyberattacks on charging stations}, series = {31st International Electric Vehicle Symposium \& Exhibition and International Electric Vehicle Technology Conference (EVS31 \& EVTeC 2018)}, booktitle = {31st International Electric Vehicle Symposium \& Exhibition and International Electric Vehicle Technology Conference (EVS31 \& EVTeC 2018)}, publisher = {Society of Automotive Engineers of Japan (JSAE)}, address = {Tokyo}, isbn = {978-1-5108-9157-9}, pages = {665 -- 671}, year = {2018}, language = {en} } @inproceedings{NethSchubaBrodkorbetal.2023, author = {Neth, Jannik and Schuba, Marko and Brodkorb, Karsten and Neugebauer, Georg and H{\"o}ner, Tim and Hack, Sacha}, title = {Digital forensics triage app for android}, series = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security}, booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security}, publisher = {ACM}, isbn = {9798400707728}, doi = {10.1145/3600160.3605017}, pages = {6 Seiten}, year = {2023}, abstract = {Digital forensics of smartphones is of utmost importance in many criminal cases. As modern smartphones store chats, photos, videos etc. that can be relevant for investigations and as they can have storage capacities of hundreds of gigabytes, they are a primary target for forensic investigators. However, it is exactly this large amount of data that is causing problems: extracting and examining the data from multiple phones seized in the context of a case is taking more and more time. This bears the risk of wasting a lot of time with irrelevant phones while there is not enough time left to analyze a phone which is worth examination. Forensic triage can help in this case: Such a triage is a preselection step based on a subset of data and is performed before fully extracting all the data from the smartphone. Triage can accelerate subsequent investigations and is especially useful in cases where time is essential. The aim of this paper is to determine which and how much data from an Android smartphone can be made directly accessible to the forensic investigator - without tedious investigations. For this purpose, an app has been developed that can be used with extremely limited storage of data in the handset and which outputs the extracted data immediately to the forensic workstation in a human- and machine-readable format.}, language = {en} } @inproceedings{KueppersSchubaNeugebaueretal.2023, author = {K{\"u}ppers, Malte and Schuba, Marko and Neugebauer, Georg and H{\"o}ner, Tim and Hack, Sacha}, title = {Security analysis of the KNX smart building protocol}, series = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security}, booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security}, publisher = {ACM}, doi = {10.1145/3600160.3605167}, pages = {1 -- 7}, year = {2023}, abstract = {KNX is a protocol for smart building automation, e.g., for automated heating, air conditioning, or lighting. This paper analyses and evaluates state-of-the-art KNX devices from manufacturers Merten, Gira and Siemens with respect to security. On the one hand, it is investigated if publicly known vulnerabilities like insecure storage of passwords in software, unencrypted communication, or denialof-service attacks, can be reproduced in new devices. On the other hand, the security is analyzed in general, leading to the discovery of a previously unknown and high risk vulnerability related to so-called BCU (authentication) keys.}, language = {en} }