@inproceedings{BeckerHoefkenSchuetzetal.2016,
  author    = {Becker, Sebastian and H{\"o}fken, Hans-Wilhelm and Sch{\"u}tz, Philip and Schuba, Marko},
  title     = {IT-forensische Erkennung modifizierter Android-Apps},
  series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  editor    = {Schartner, P.},
  pages     = {120 -- 125},
  year      = {2016},
  abstract  = {Malware auf Smartphones ist ein Problem, dem auch Strafverfolgungsbeh{\"o}rden immer h{\"a}ufiger gegen{\"u}berstehen. Insbesondere Telefone, bei denen potentiell schadhafte Apps zu einem finanziellen Schaden gef{\"u}hrt haben, finden sich auf den Schreibtischen der Polizei wieder. Dabei m{\"u}ssen die Ermittler m{\"o}glichst schnell und gezielt erkennen k{\"o}nnen, ob eine App tats{\"a}chlich schadhaft manipuliert wurde, was manipuliert wurde und mit wem die App kommuniziert. Klassische Malware-Erkennungsverfahren helfen zwar bei der generellen Erkennung schadhafter Software, sind aber f{\"u}r die polizeiliche Praxis nicht geeignet. Dieses Paper stellt ein Programm vor, welches gerade die forensischen Fragestellungen ber{\"u}cksichtigt und so f{\"u}r den Einsatz in der Strafverfolgung in Frage kommt.},
  language  = {de}
}
@inproceedings{BonneyHoefkenPaffenetal.2015,
  author    = {Bonney, Gregor and H{\"o}fken, Hans-Wilhelm and Paffen, Benedikt and Schuba, Marko},
  title     = {ICS/SCADA Security - Analysis of a Beckhoff CX5020 PLC},
  series = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015},
  booktitle = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015},
  organization    = {International Conference on Information Systems Security and Privacy <1, 2015, Angers>},
  pages     = {1 -- 6},
  year      = {2015},
  language  = {en}
}
@inproceedings{BonneyNagelSchuba2016,
  author    = {Bonney, Gregor and Nagel, Stefan and Schuba, Marko},
  title     = {Risiko Smart Home - Angriff auf ein Babymonitorsystem},
  series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  editor    = {Schartner, P.},
  pages     = {371 -- 378},
  year      = {2016},
  abstract  = {Unser Zuhause wird zunehmend intelligenter. Smart Homes bieten uns die Steuerung von Haus- oder Unterhaltungstechnik bequem vom Smartphone aus. Junge Familien nutzen die Technologie, um mittels vernetzten Babymonitorsystemen ihren Nachwuchs von {\"u}berall aus im Blick zu haben. Davon auszugehen, dass solche Systeme mit einem Fokus auf Sicherheit entwickelt wurden, um die sehr pers{\"o}nlichen Daten zu sch{\"u}tzen, ist jedoch ein Trugschluss. Die Untersuchung eines handels{\"u}blichen und keineswegs billigen Systems zeigt, dass die Ger{\"a}te sehr einfach kompromittiert und missbraucht werden k{\"o}nnen.},
  language  = {de}
}
@inproceedings{BraunHoefkenSchubaetal.2015,
  author    = {Braun, Sebastian and H{\"o}fken, Hans-Wilhelm and Schuba, Marko and Breuer, Michael},
  title     = {Forensische Sicherung von DSLRoutern},
  series = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015},
  booktitle = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015},
  pages     = {11 S.},
  year      = {2015},
  language  = {de}
}
@inproceedings{BroennerHoefkenSchuba2016,
  author    = {Broenner, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Streamlining extraction and analysis of android RAM images},
  series = {Proceedings of the 2nd international conference on information systems security and privacy},
  booktitle = {Proceedings of the 2nd international conference on information systems security and privacy},
  organization    = {ICISSP International Conference on Information Systems Security and Privacy <2, 2016, Rome, Italy>},
  isbn      = {978-989-758-167-0},
  doi       = {10.5220/0005652802550264},
  pages     = {255 -- 264},
  year      = {2016},
  language  = {en}
}
@inproceedings{ChristianMontagSchubaetal.2018,
  author    = {Christian, Esser and Montag, Tim and Schuba, Marko and Allhof, Manuel},
  title     = {Future critical infrastructure and security - cyberattacks on charging stations},
  series = {31st International Electric Vehicle Symposium \& Exhibition and International Electric Vehicle Technology Conference (EVS31 \& EVTeC 2018)},
  booktitle = {31st International Electric Vehicle Symposium \& Exhibition and International Electric Vehicle Technology Conference (EVS31 \& EVTeC 2018)},
  publisher = {Society of Automotive Engineers of Japan (JSAE)},
  address   = {Tokyo},
  isbn      = {978-1-5108-9157-9},
  pages     = {665 -- 671},
  year      = {2018},
  language  = {en}
}
@inproceedings{GranatHoefkenSchuba2017,
  author    = {Granat, Andreas and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Intrusion Detection of the ICS Protocol EtherCAT},
  pages     = {1 -- 5},
  year      = {2017},
  abstract  = {Control mechanisms like Industrial Controls Systems (ICS) and its subgroup SCADA (Supervisory Control and Data Acquisition) are a prerequisite to automate industrial processes. While protection of ICS on process management level is relatively straightforward - well known office IT security mechanisms can be used - protection on field bus level is harder to achieve as there are real-time and production requirements like 24x7 to consider. One option to improve security on field bus level is to introduce controls that help to detect and to react on attacks. This paper introduces an initial set of intrusion detection mechanisms for the field bus protocol EtherCAT. To this end existing Ethernet attack vectors including packet injection and man-in-the-middle attacks are tested in an EtherCAT environment, where they could interrupt the EtherCAT network and may even cause physical damage. Based on the signatures of such attacks, a preprocessor and new rule options are defined for the open source intrusion detection system Snort demonstrating the general feasibility of intrusion detection on field bus level.},
  language  = {en}
}
@inproceedings{HartungHillgaertnerSchmitzetal.2014,
  author    = {Hartung, Frank and Hillg{\"a}rtner, Michael and Schmitz, G{\"u}nter and Schuba, Marko and Adolphs, Fabian and Hoffend, Jens and Theis, Jochen},
  title     = {IT-Sicherheit im Automobil},
  series = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)},
  booktitle = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)},
  publisher = {VDE-Verl.},
  address   = {Berlin},
  organization    = {VDE/VDI-Gesellschaft Mikroelektronik, Mikrosystem- und Feinwerktechnik (GMM)},
  isbn      = {978-3-8007-3580-8},
  pages     = {CD-ROM},
  year      = {2014},
  language  = {de}
}
@inproceedings{KueppersSchubaNeugebaueretal.2023,
  author    = {K{\"u}ppers, Malte and Schuba, Marko and Neugebauer, Georg and H{\"o}ner, Tim and Hack, Sacha},
  title     = {Security analysis of the KNX smart building protocol},
  series = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  publisher = {ACM},
  doi       = {10.1145/3600160.3605167},
  pages     = {1 -- 7},
  year      = {2023},
  abstract  = {KNX is a protocol for smart building automation, e.g., for automated heating, air conditioning, or lighting. This paper analyses and evaluates state-of-the-art KNX devices from manufacturers Merten, Gira and Siemens with respect to security. On the one hand, it is investigated if publicly known vulnerabilities like insecure storage of passwords in software, unencrypted communication, or denialof-service attacks, can be reproduced in new devices. On the other hand, the security is analyzed in general, leading to the discovery of a previously unknown and high risk vulnerability related to so-called BCU (authentication) keys.},
  language  = {en}
}
@inproceedings{LindenlaufHoefkenSchuba2015,
  author    = {Lindenlauf, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Cold Boot Attacks on DDR2 and DDR3 SDRAM},
  series = {10th International Conference on Availability, Reliability and Security (ARES) 2015},
  booktitle = {10th International Conference on Availability, Reliability and Security (ARES) 2015},
  doi       = {10.1109/ARES.2015.28},
  pages     = {287 -- 292},
  year      = {2015},
  language  = {en}
}