Publikationen
Disclaimer :
These papers are made available as a means to ensure timely dissemination of scholarly and technical work
on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders,
notwithstanding that they have offered their works here electronically. It is understood that all persons copying
this information will adhere to the terms and constraints invoked by each author's copyright. These works may not
be reposted without the explicit permission of the copyright holder.
2009
Interest based automated content exchange in 7DS ,
Florian Tegeler , Technical Report IFI-TB-2009-02, Institute of Computer Science, University of Goettingen,
ISSN 1611-1044, August 2009.
Zusammenfassung lesen
With the increasing storage space and performance of today's mobile devices, users often store a large variety of content like music on their devices. We argue, that leveraging this data to extract a meaningful user interest representation on the given data can help developing next generation mobile services. The mobile device can be enabled to automatically detect and predict the users
interest and automatically acquire such information. We are especially targeting at scenarios where the mobile device is not always connected to a global infrastructure such as the internet or a provided cellular net but moves in an
often communication disrupted manner. Typically such scenarios are referred to as mobile delay/disruption tolerant networks (mobile DTNs). We present a prototype that automatically analyzes a users content, derives the interest and exchanges data with other nodes having content of similar interest space. The two prototype media types we chose are music and news, while music represent time and location independent general user's interest based media. News files are an example for highly time and location critical media which is not only based on the general user's interest but has to include additional dimensions
that can be highly dynamical. We present the general architecture of our solution and highlight some technical details of our implementation proving the flexibility and extensibility of our approach.
PDF [721.2 kB]
Security Analysis of IKEv2 Session Resumption ,
Florian Tegeler , Technical Report No. IFI-TB-2009-01, Institute of Computer Science, University of Goettingen,
ISSN 1611-1044, June 2009.
Zusammenfassung lesen
This document describes the security analysis of a proposed IKEv2 Session Resumption method based on Sheffer, Y., Tschofenig, H., Dondeti, L. and Narayanan, V.: IPSec Gateway Failover Protocol (http://www.ietf.org/Internet-drafts/draft-sheffer-ipsecfailover-02.txt).
PDF [1112.5 kB]
A Unified Security Backplane for Trust and Reputation Systems in Decentralized Networks ,
Florian Tegeler , Jun Lei , and Xiaoming Fu , IEEE INFOCOM 2009 Student Workshop,
April 2009.
Zusammenfassung lesen
Trust and Reputation (TR) systems are a recently proposed means to address free-rider issues in decentralized networks such as P2P, DTNs, and wireless mesh networks. Basically, TR systems identify malicious node behaviors by observation and direct interaction experience. However, these systems often lack a security framework to prevent a variety of attacks, such as identity spoofing or capturing and false reports on nodes behavior. We present a security backplane preventing such attacks by providing authentication, non-repudiation and other security services without predetermining the exact TR algorithm on node interaction selection and the metrics on the evaluation of nodes. Utilizing this security framework, multiple proposed algorithms such as Scrubber, Eigentrust, CONFIDENT or pricing systems can be implemented with increased and flexible security properties.
PDF [79.8 kB]
2008
Security Analysis, Prototype Implementation and Performance Evaluation of a New IPSec Session Resumption Method ,
Florian Tegeler , Zentrum fuer Informatik, Universitaet Goettingen, Master's Thesis, No. ZFI-BM-2008-01,
ISSN 1612-6793, January 2008.
Zusammenfassung lesen
In the current communication infrastructure a variety of services are already based on the Internet Protocol (IP) and effort is taken to put the mobile communication as well into the IP framework. Many of these services like voice over IP or online banking require an increased level of security and privacy, and therefore demanding a wide application of security suits as IPSec. These connections are typically secured by keys derived from a key negotiation process run with the IKEv2 key negotiation protocol. This process is computationally heavy; ideally it should be performed as rarely as possible. The computational complexity could grow to a severe problem in mobile environments where a base station is handling hundreds or thousands of mobile nodes and the gateway fails for any reason. If the gateway fails and recovers later, all IPSec capable devices will try to resume their session immediately by renegotiating keys and potentially overload the gateways resources by doing that in parallel. Furthermore the total number of clients a base station can handle is reduced when sessions to end host fail temporarily due to e.g. communication distortions etc. Every time re-keying is necessary.
In this thesis a server side stateless IPSec session resumption approach developed by Sheffer et al is presented and analysed. The sessions state including the master secret as the source for further keying material is stored in an encrypted ticket which can later be used to quickly resume the session. A formal security analysis based on CSP algebra interpreted with the CasperFDR toolkit was performed and it could be shown that no new security threats are introduced by altering the IKEv2 communication sequence and storing the state inside a ticket. Furthermore, a prototype of the ticket based session resumption was implemented into an existing open source Linux IKEv2 daemon and the performance evaluation showed a significant reduction in the session resumption time. Overall, this thesis illustrates the new ticket based session resumption approach, verifies it via a formal security toolkit and proves the significant reduction of the time required to resume a session in a prototype implementation.
PDF [2727.2 kB]
2005
Formal Specification and Security Verification of the IDKE Protocol using FDR Model Checking ,
Rene Soltwisch, Florian Tegeler , and Dieter Hogrefe, Proceedings of the 13th IEEE International Conference on Networks (ICON),
IEEE, ISBN 1-4244-0000-7, November 2005.
Zusammenfassung lesen
The IDKE protocol is a mechanism aiming to provide authentication and session-key establishment for mobile nodes after an inter domain handover. Credentials are forwarded from a previous access router to the new access router whereas initially no trust relationship exists. The IDKE protocol utilizes an IP based infrastructure to transfer a session-key due an initiated handover. In this paper, we give a formal specification of the IDKE protocol, its properties, pre- and post-conditions. Verification of security properties such as secrecy and authentication is performed by utilizing the model checker FDR. We optimize the specification, prove security properties, and figure out the limits of our optimized specification. We show that the IDKE protocol is capable to provide authenticated and secured key establishment. Furthermore we prove that the IDKE protocol also provides forward secrecy for the session-key and for a secured tunnel between two access routers.
PDF [1658.7 kB]
Review of CasperFDR Analysis of the IDKE Protocol ,
Florian Tegeler , and Rene Soltwisch, Technical Report No. IFI-TB-2005-04, Institute of Computer Science, University of Göttingen, Germany,
ISSN 1611-1044, June 2005.
