@inproceedings{KueppersSchubaNeugebaueretal.2023,
  author    = {K{\"u}ppers, Malte and Schuba, Marko and Neugebauer, Georg and H{\"o}ner, Tim and Hack, Sacha},
  title     = {Security analysis of the KNX smart building protocol},
  series = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  publisher = {ACM},
  doi       = {10.1145/3600160.3605167},
  pages     = {1 -- 7},
  year      = {2023},
  abstract  = {KNX is a protocol for smart building automation, e.g., for automated heating, air conditioning, or lighting. This paper analyses and evaluates state-of-the-art KNX devices from manufacturers Merten, Gira and Siemens with respect to security. On the one hand, it is investigated if publicly known vulnerabilities like insecure storage of passwords in software, unencrypted communication, or denialof-service attacks, can be reproduced in new devices. On the other hand, the security is analyzed in general, leading to the discovery of a previously unknown and high risk vulnerability related to so-called BCU (authentication) keys.},
  language  = {en}
}
@inproceedings{NeugebauerBrutschyMeyeretal.2014,
  author    = {Neugebauer, Georg and Brutschy, Lucas and Meyer, Ulrike and Wetzel, Susanne},
  title     = {Privacy-preserving multi-party reconciliation secure in the malicious model},
  series = {DPM 2013, SETOP 2013: Data Privacy Management and Autonomous Spontaneous Security},
  booktitle = {DPM 2013, SETOP 2013: Data Privacy Management and Autonomous Spontaneous Security},
  editor    = {Garcia-Alfaro, Joaquin and Lioudakis, Georgios and Cuppens-Boulahia, Nora and Foley, Simon and Fitzgerald, William M.},
  publisher = {Springer},
  address   = {Berlin},
  isbn      = {978-3-642-54567-2 (Print)},
  doi       = {10.1007/978-3-642-54568-9_12},
  pages     = {178 -- 193},
  year      = {2014},
  abstract  = {The problem of fair and privacy-preserving ordered set reconciliation arises in a variety of applications like auctions, e-voting, and appointment reconciliation. While several multi-party protocols have been proposed that solve this problem in the semi-honest model, there are no multi-party protocols that are secure in the malicious model so far. In this paper, we close this gap. Our newly proposed protocols are shown to be secure in the malicious model based on a variety of novel non-interactive zero-knowledge-proofs. We describe the implementation of our protocols and evaluate their performance in comparison to protocols solving the problem in the semi-honest case.},
  language  = {en}
}
@inproceedings{NethSchubaBrodkorbetal.2023,
  author    = {Neth, Jannik and Schuba, Marko and Brodkorb, Karsten and Neugebauer, Georg and H{\"o}ner, Tim and Hack, Sacha},
  title     = {Digital forensics triage app for android},
  series = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  publisher = {ACM},
  isbn      = {9798400707728},
  doi       = {10.1145/3600160.3605017},
  pages     = {6 Seiten},
  year      = {2023},
  abstract  = {Digital forensics of smartphones is of utmost importance in many criminal cases. As modern smartphones store chats, photos, videos etc. that can be relevant for investigations and as they can have storage capacities of hundreds of gigabytes, they are a primary target for forensic investigators. However, it is exactly this large amount of data that is causing problems: extracting and examining the data from multiple phones seized in the context of a case is taking more and more time. This bears the risk of wasting a lot of time with irrelevant phones while there is not enough time left to analyze a phone which is worth examination. Forensic triage can help in this case: Such a triage is a preselection step based on a subset of data and is performed before fully extracting all the data from the smartphone. Triage can accelerate subsequent investigations and is especially useful in cases where time is essential. The aim of this paper is to determine which and how much data from an Android smartphone can be made directly accessible to the forensic investigator - without tedious investigations. For this purpose, an app has been developed that can be used with extremely limited storage of data in the handset and which outputs the extracted data immediately to the forensic workstation in a human- and machine-readable format.},
  language  = {en}
}