% IMPORTANT: The following is UTF-8 encoded. This means that in the presence
% of non-ASCII characters, it will not work with BibTeX 0.99 or older.
% Instead, you should use an up-to-date BibTeX implementation like “bibtex8” or
% “biber”.
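% Doctoral thesis on adapting secure communication to an Internet that now
% includes smartphones and IoT devices. Per the abstract, the parts a security
% reader is most likely to cite are:
%   - onion routing / Tor tailored to resource-constrained IoT devices
%     (metadata protection, in-network access control)
%   - more efficient secure connection establishment on smartphones and
%     secure low-latency communication for the industrial IoT
%   - a risk analysis of cross-signing in the Web PKI (undesired certificate
%     trust paths) with proposed rules and guidelines
%   - drivers and obstacles for the roll-out of TLS 1.3 and Certification
%     Authority Authorization
%
% Record notes:
%   - The title no longer braces the single leading letter: sentence-casing
%     styles keep the first letter as typed, and a mid-word brace group can
%     disturb kerning and hyphenation.
%   - The catalogue extent statement ("1 Online-Ressource ...") is not a page
%     range, so it moved from "pages" to the non-standard field "extent";
%     unknown fields are skipped by styles, so it no longer prints as pages.
%   - othercontributors, reportid, cin, ddc, cid and typ look like
%     repository export fields (presumably advisors/examiners and internal
%     classification ids; confirm against the repository record).
%   - "address" is the publisher's city, not the university location.
@phdthesis{Hiller:953725,
  author            = {Hiller, Jens},
  othercontributors = {Wehrle, Klaus and Strufe, Thorsten},
  title             = {Improving functionality, efficiency, and trustworthiness
                       of secure communication on an internet diversified by mobile
                       devices and the internet of things},
  school            = {RWTH Aachen University},
  type              = {Dissertation},
  series            = {Reports on communications and distributed systems},
  volume            = {22},
  publisher         = {Shaker Verlag},
  address           = {Düren},
  year              = {2023},
  isbn              = {978-3-8440-8952-3},
  doi               = {10.18154/RWTH-2023-02653},
  url               = {https://publications.rwth-aachen.de/record/953725},
  reportid          = {RWTH-2023-02653},
  extent            = {1 Online-Ressource : Illustrationen, Diagramme},
  note              = {Druckausgabe: 2023. - Auch veröffentlicht auf dem
                       Publikationsserver der RWTH Aachen University; Dissertation,
                       RWTH Aachen University, 2022},
  abstract          = {Secure communication is essential for many use cases that
                       exchange data over the Internet. However, prevalently used
                       security protocols, e.g., TLS 1.2, have been standardized
                       many years ago. At that time, the Internet was dominated by
                       traditional devices and communication scenarios, especially
                       location-bound workstations communicating with servers or
                       cloud services. Since then, the advent of smartphones and
                       the Internet of Things (IoT) introduced new scenarios with
                       more diverse device types and use cases. Smartphones and
                       their mobile apps enable the broad public to access Internet
                       services from virtually everywhere and at any time.
                       Similarly, the IoT, facilitated by the ability to access
                       Internet resources even with small, tightly
                       resource-constrained devices, enables use cases ranging from
                       personal wearables to smart homes and smart cities, up to
                       digitization in the industrial domain. Together with
                       traditional Internet devices, smartphones and IoT devices
                       thus shape a more diverse evolved Internet. The development
                       to this evolved Internet motivates the question for a
                       likewise evolved secure communication that fits new demands.
                       To examine the need for improvements, we analyze the state
                       of the art of secure communication for the different
                       scenarios of the evolved Internet. Thereby, we focus on our
                       primary goal to achieve advanced security, advanced privacy,
                       a solid trust infrastructure for authentication, high
                       efficiency, and an up-to-date and effective deployment. Our
                       analysis reveals several open challenges, especially missing
                       advanced security and privacy features for secure
                       communication in the IoT, the need for increased efficiency
                       of secure communication by smartphones, and the demand for
                       efficient secure low-latency communication in the industrial
                       IoT. Furthermore, also considering the traditional Internet,
                       we identify open problems in the PKI-based trust
                       infrastructure, and highlight the need to understand drivers
                       and obstacles of the roll-out of new security mechanisms to
                       improve their adoption and effective use. We tackle these
                       open challenges with four contributions. As first
                       contribution, we tailor onion routing and the Tor anonymity
                       network to resource-constrained IoT devices. Thereby, we can
                       increase user privacy by protecting the metadata of IoT
                       communication, and also realize a resource-efficient
                       in-network access control. Additionally, we enable IoT
                       devices to use large and versatile secure communication
                       stacks. In our second contribution, we increase secure
                       communication efficiency by devising new best practices for
                       the establishment of secure connections by smartphones and
                       realizing secure low-latency communication for the
                       industrial IoT. Our third contribution focuses on the trust
                       infrastructure of secure communication. We provide a
                       detailed risk analysis of cross-signing in the Web PKI,
                       revealing that it can cause undesired certificate trust
                       paths, and propose new rules and guidelines that preserve
                       the positive effects of cross-signing while mitigating its
                       risks. In our fourth contribution, we analyze drivers and
                       obstacles for the effective roll-out of adapted security
                       protocols and procedures focusing on the next-generation
                       security protocol TLS 1.3 and the Certification Authority
                       Authorization mechanism for the Web PKI. Overall, we show
                       the need for adapting secure communication to the evolved
                       Internet and present corresponding improvements.},
  cin               = {121710 / 120000},
  ddc               = {004},
  cid               = {$I:(DE-82)121710_20140620$ / $I:(DE-82)120000_20140620$},
  typ               = {PUB:(DE-HGF)11 / PUB:(DE-HGF)3},
}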