Research Seminar on 22.07.2024 16:00
Room 03.07.023

Improvements to Convolutional Forward Erasure Correction Coding

Final talk for Interdisciplinary Project
Michael Hackl (Holzinger, Lachnit, Stubbe, Günther)

Security Aspects of the MLS Protocol beyond Building Blocks

Final talk for Master's Thesis
Vera Wesselkamp (Cas Cremers, Wüstrich)

Modeling Web Page Performance Improvements via Loading Graphs and Testbed Simulations

Intermediate talk for Master's Thesis
Jonas Merforth (Sosnowski, Wiedner)

Evaluation of Methods for Enhancing Web Applications Integrity

Intermediate talk for Bachelor's Thesis
Rayen Manai (Genchev, Glas)

Performance Optimization Strategies for Source-Accessible Web Applications

Intermediate talk for Bachelor's Thesis
Aida Begzadic (Wiedner, Wüstrich)

Research Seminar on 24.07.2024 16:00
Room 03.07.023

Happy Eyeballs: A Comprehensive Analysis of the Deployment and Configuration Across Various Versions and Implementations

Final talk for Bachelor's Thesis
Matthias Kirstein (sattler, wuestrich, zirngibl)

Tracking the Lifetime of Domains

Final talk for Master's Thesis
Christian Benedikt Dietze (zirngibl, sattler)

Graph-based Modeling and Analysis of the TLS Ecosystem

Final talk for Master's Thesis
Tim Betzer (Sosnowski)

Evaluating performance and usability of MASQUE-proxying

Intermediate talk for Bachelor's Thesis
Guilherme Stark (Steger, Kempf)

Research Seminar on 30.07.2024 16:00
Room 03.07.023

Design and Implementation of a Configurable QUIC Workload Framework

Final talk for Bachelor's Thesis
Amal Smaoui (Holzinger, Lachnit)

Developing a Methodology for Reproducible and Comparable Penetration Testing

Final talk for Master's Thesis
Roland Reif (Wüstrich)

Research Seminar on 12.08.2024 16:00
Room 03.07.023

Sourcing Service-Specific IPv6-Hitlists using IPv4 Port Scans and Subdomain Analysis

Intermediate talk for Bachelor's Thesis
Dimitar Vasilev (Sattler, Zirngibl, Steger)

ASQ-GINO: Answering Subnet Queries with the Global INternet Observatory

Intermediate talk for Master's Thesis
Tobias Wothge (Sattler, Zirngibl, Steger)


Exploring data plane updates on P4 switches with P4Runtime

Authors: Henning Stubbe, Sebastian Gallenmüller, Manuel Simon, Eric Hauser, Dominik Scholz, Georg Carle

21st IEEE International Conference on Mobile Ad-Hoc and Smart Systems (MASS 2024)

Assessment of OPC UA PubSub at Scale using TSN Infrastructure and Network Calculus

Authors: Filip Rezabek, Max Helm, Nicolas Buchner, Monika Smolarska, Benedikt Jaeger, Georg Carle

Proceedings of the 2nd SIGCOMM 2024 Workshop on eBPF and Kernel Extensions

Honey for the Ice Bear - Dynamic eBPF in P4

Authors: Manuel Simon, Henning Stubbe, Sebastian Gallenmüller, Georg Carle


QUIC on the Fast Lane: Extending Performance Evaluations on High-rate Links

Authors: Marcel Kempf, Benedikt Jaeger, Johannes Zirngibl, Kevin Ploch, Georg Carle

Proceedings of the 6th ACM International Symposium on Blockchain and Secure Critical Infrastructure

On the Impact of Network Transport Protocols on Leader-Based Consensus Communication

Authors: Richard von Seck, Filip Rezabek, Sebastian Gallenmüller, Georg Carle

Proc. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

An Internet-wide View on HTTPS Certificate Revocations: Observing the Revival of CRLs via Active TLS Scans

Authors: Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Juliane Aulbach, Jonas Lang, Georg Carle

International Federation for Information Processing (IFIP) Networking Conference 2024

A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights

Authors: Marcel Kempf, Nikolas Gauder, Benedikt Jaeger, Johannes Zirngibl, Georg Carle


EFACTLS: Effective Active TLS Fingerprinting for Large-scale Server Deployment Characterization

Active measurements allow the collection of server characteristics on a large scale that can aid in discovering hidden relations and commonalities among server deployments. Finding these relations opens up new possibilities for clustering and classifying server deployments; for example, identifying a previously unknown cybercriminal infrastructure can be valuable cyber-threat intelligence. In this work, we propose a methodology based on active measurements to acquire Transport Layer Security (TLS) metadata from servers and leverage it for fingerprinting. Our fingerprints capture characteristic behavior of the TLS stack, primarily influenced by the server’s implementation, configuration, and hardware support. Using an empirical optimization strategy that maximizes information gained from every handshake to minimize measurement costs, we generated 10 general-purpose Client Hellos. They served as scanning probes to create an extensive database of TLS configurations to classify servers. We propose the Shannon Entropy to measure collected information and compare different approaches. This study fingerprinted 8 million servers from the Tranco top list and two Command and Control (C2) blocklists over 60 weeks with weekly snapshots. The resulting data formed the foundation for two long-term case studies: classification of Content Delivery Network and C2 servers. Moreover, the detection was fine-grained enough to detect C2 server families. The proposed methodology demonstrated a precision of 99% and enabled a stable identification of new servers over time. This study shows how active measurements can provide valuable security-relevant insights and improve our understanding of the Internet.

Authors: Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Georg Carle, Claas Grohnfeldt, Michele Russo, Daniele Sgandurra

International Federation for Information Processing (IFIP) Networking Conference 2024 - SLICES Workshop

RO-Crate for Testbeds: Automated Packaging of Experimental Results

Authors: Eric Hauser, Sebastian Gallenmüller, Georg Carle

Proc. Network Traffic Measurement and Analysis Conference (TMA)

Propagating Threat Scores With a TLS Ecosystem Graph Model Derived by Active Measurements

The Internet is shaped by independent actors and heterogeneous deployments. With the wide adoption of Transport Layer Security (TLS), a whole ecosystem of intertwined entities emerged. Acquiring a comprehensive view allows searching for previously unknown malicious entities and providing valuable cyber-threat intelligence. Actively collected Internet-wide Domain Name System (DNS) and TLS meta-data can provide the basis for such large-scale analyses. However, in order to efficiently navigate the vast volumes of data, an effective methodology is required. This work proposes a graph model of the TLS ecosystem that utilizes the relationships between servers, domains, and certificates. A Probabilistic Threat Propagation (PTP) algorithm is then used to propagate a threat score from existing blocklists to related nodes. We conducted a one-year-long measurement study of 13 monthly active Internet-wide DNS and TLS measurements to evaluate the methodology. The latest measurement found four highly suspicious clusters among the nodes with high threat scores. External threat intelligence services were used to confirm a high rate of maliciousness in the rest of the newly found servers. With the help of optimized thresholds, we identified 557 domains and 11 IP addresses throughout the last year before they were known to be malicious. Up to 40% of the identified nodes appeared on average three months later on the input blocklist. This work proposes a versatile graph model to analyze the TLS ecosystem and a PTP analysis to help security researchers focus on suspicious subsets of the Internet when searching for unknown threats.

Authors: Markus Sosnowski, Patrick Sattler, Johannes Zirngibl, Tim Betzer, Georg Carle

BSCI'24: Best Student Paper Award

Best Student Paper Award at BSCI 2024

Our publication "On the Impact of Network Transport Protocols on Leader-Based Consensus Communication" has been awarded with the Best Student Paper Award at the 6th ACM International Symposium on Blockchain and Secure Critical Infrastructure 2024.

In our work ...

TUM Blockchain Salon 2024


On 16 and 17 May 2024 we organize the second edition of the TUM Blockchain Salon at the Institute of Advanced Studies (IAS). The event will host more than 20 speakers distributed over 8 sessions with a parallel poster session. Researchers involved in SUPREMS will be present both ...

NetSec Guest Lecture: Cyber Security Assessments in Practice


At universities, cyber security is often viewed solely from the perspective of the attackers and defenders. In their guest lecture "Cyber Security Assessments in Practice", Nico Fechtner and Merten Nagel from usd AG shed light on a new perspective: They outline how compliance with legal and regulatory requirements ...

WueWoWas'23: Best Workshop Contribution Award

Best Contribution Award at WueWoWas 2023

Our publication "Never Miss Twice - Add-On-Miss Table Updates in Software Data Planes" has been awarded as the one Best Workshop Contribution at the KuVS Fachgespräch - Würzburg Workshop on Modeling, Analysis and Simulation of Next-Generation Communication Networks 2023 (WueWoWas’23).


TMA'23: Best Paper Award

Best Paper Award at TMA 2023

Our publication "Target Acquired? Evaluating Target Generation Algorithms for IPv6" has been awarded with the Best Paper Award at the Network Traffic Measurement and Analysis Conference (TMA 2023).

The publication is a collaboration with Oliver Gasser from the Max ...