Welcome Summer School Students!
This website is now in archive mode. However, you can still access the recorded talks. You may watch the entire playlist on YouTube. Maybe until next time. For any questions, do not hesitate to send an e-mail to the organizers: sethi.iuk@uni-rostock.de
Content
- Introduction of Lecturers
- Talk 1 – Introduction to the summer school: Internet of Things (IoT) and SCADA Systems as Security Challenge
- Talk 2 – Revising some Computer Security Basics (Part 1)
- Talk 3 – Revising some Computer Security Basics (Part 2)
- Talk 4 – Introduction to the KNX Bus System
- Talk 5 – Security Aspects of KNX, LoRaWAN, Z-Wave and Similar Protocols
- Talk 6 – The Physical Layer in Field Bus Systems
- Talk 7 – Hacking the DDC4200 Controller: Theoretical Background for the Workshop
- Talk 8 – Comparison of Fieldbus Systems and Protocols
- Talk 9 – Forensic Analysis in KNX Log Data
- Talk 10 – Risk Analysis for Building Automation Systems
- Talk 11 – Ethics of Hacking – Attack Vectors, Penetration Testing and the disclosure of vulnerabilities
- Talk 12 – How We Found Out Who Refuses to Wash Hands: A Case Study on Privacy
- Talk 13 – Privacy and Data Protection
- Talk 14 – Architecture and Technologies for Privacy
- Talk 15 – Modeling field bus networks and model driven security analysis
- Talk 16 – Forensic analysis of IoT devices and field busses
- Talk 17 – Challenges for Managing a University Campus
- Talk 18 – Guest lecture T-Systems MMS – Penetration testing
- Workshop 1 – IoT Examples
- Workshop 2 – Penetration Testing with an Industrial controller
- Workshop 3 – Analysis of KNX-bus Log Data
- Workshop 4 – Measurements on the Physical Layer of the KNX-bus
- A Big Thank You!
Introduction of Lecturers
Talk 1 – Introduction to the summer school: Internet of Things (IoT) and SCADA Systems as Security Challenge
As an introduction to the summer school we want to learn about the Internet of Things (IoT), about SCADA systems and their importance for the civil and industrial society of tomorrow. We will discuss the economic impact of these infrastructure elements and have a first look at the security issues connected with them. Students will also get an overview of the further teaching units of the summer school and how they are connected.
Talk 2 – Revising some Computer Security Basics (Part 1)
The talks will revise some computer security basics in order to establish a common terminology and knowledge for the following courses to build on. Part 1 will establish a common understanding of very basic definitions and principles that will allow the students to master the upcoming talks that make use of this vocabulary. The lecture will discuss what is meant when we talk about cyber security and what IT protection goals stand behind this catchphrase. It will look at typical approaches to achieving compliance with those protection goals and will convey the difficulties of such attempts.
The slides are available as PDF.
Talk 3 – Revising some Computer Security Basics (Part 2)
The talks will revise some computer security basics in order to establish a common terminology and knowledge for the following courses to build on. Part 2 will describe the classical defence methods used in computer security to counteract the described attack vectors and establish the desired protection goals. We will talk about symmetric and asymmetric encryption, hash functions and the need for randomization. In addition to a repetition of basic notions we will deal with aspects which are of particular importance for small devices, such as processor performance or limited entropy pools. Moreover, we will address challenges posed by light-weight protocols. We will outline why the established security technology from classical networking often fails in IoT and SCADA environments.
The slides are available as PDF.
Talk 4 – Introduction to the KNX Bus System
In this talk we use the KNX bus as an example to show how a fieldbus works. KNX is a good example because it is the most frequently used building automation system. The Institute of Computer Science in Rostock is itself equipped with KNX and serves as an example. The lecture focuses on devices on the bus, topology and protocol structure. It serves as a basis for further talks dealing with the security of fieldbuses.
The slides are available as PDF.
Talk 5 – Security Aspects of KNX, LoRaWAN, Z-Wave and Similar Protocols
We assess the security mechanisms defined in the LoRaWAN and Z-Wave specifications and describe our own research to show whether those security mechanisms are sufficient. For this, we explain typical attacks on radio-based networks. We further show which precautions are necessary so as not to undermine these measures and whether additional security measures may be necessary.
The slides are available as PDF.
Talk 6 – The Physical Layer in Field Bus Systems
This talk will show the physical layer characteristics of commonly used field bus systems and discuss the feasibility of implementing security features on that layer. Possible uses include detecting attacks from newly added devices and exposing tampering with the physical transmission medium. The techniques presented in this talk will include device fingerprinting as well as passive and active measurements of the bus itself. For people who are interested in practical examples, there will be a workshop on this topic as well.
The slides are available as PDF.
Talk 7 – Hacking the DDC4200 Controller: Theoretical Background for the Workshop
In this talk the students will be prepared for the practical workshop. Firstly, general information about the device in question, a controller in building automation, is given. The possible implications of a hacked device will also be discussed. Secondly, basic techniques and working methods of forensics and penetration testing that can be used during the workshop will be taught.
The slides are available as PDF.
Talk 8 – Comparison of Fieldbus Systems and Protocols
This talk gives an introduction to the basic principles of field bus systems and shows the extensive application domains of this technology, which is increasingly used in all parts of our modern everyday life. Typical properties of protocols will be elaborated, and various example bus systems from different application domains such as buildings, cars or industrial automation will be compared with each other on the basis of previously developed characteristics.
The slides are available as PDF.
Talk 9 – Forensic Analysis in KNX Log Data
This talk will give an introduction on how to log data in a KNX system. The main part will examine a forensic analysis of this logged data. Data from building automation systems may not only be used to monitor the correct functionality of the devices; it reveals a lot more information. The movement of people inside a building may be derived from the logs, and with that even some activities. The goal of this talk is to present methods for approaching such data and the possibilities available for retrieving the wanted information. This talk shall also prepare the students to work with logged data themselves in the workshop.
The slides are available as PDF.
Talk 10 – Risk Analysis for Building Automation Systems
In this talk, the students get a closer look at building automation from the perspective of security. In normal installations of building automation systems, security is not considered an important part, or is not considered at all. We want to have a closer look at the methods with which it is possible to measure risks in this kind of system and how this could help to secure the installations. Besides the presentation of one possibility for evaluating how endangered different parts of the network are, a joint discussion between lecturer and students should evaluate these methods.
The slides are available as PDF.
Talk 11 – Ethics of Hacking – Attack Vectors, Penetration Testing and the disclosure of vulnerabilities
This talk will look at classical attack vectors on IT systems and the surrounding physical systems as well as social aspects. A set of commonly known attack classes will be presented, followed by a discussion about changes and risks that come along when using attacks on IT systems for penetration tests. Students are taught that those processes entail a highly creative aspect. The process of disclosing discovered vulnerabilities will be covered by giving examples of real-world disclosure strategies that have been implemented. None of this is taught without first covering the basics of ethics, which are of vital importance in this field of expertise. A joint discussion of all participants brainstorming attack vectors will complement the session and challenge the students to actively engage with what they have just learned.
The slides are available as PDF.
Talk 12 – How We Found Out Who Refuses to Wash Hands: A Case Study on Privacy
Modern buildings are often equipped with universal bus systems. The purpose of these bus systems is to control the functions of houses such as lighting, climate control and heating. In this talk we present a case study that shows how privacy issues arise from an atypical utilization of those control systems. As a controversial example, we show that we are able to tell who does not perform proper hand washing by sampling data from the control network and applying an old-fashioned Monte-Carlo simulation to the problem.
The slides are available as PDF.
Talk 13 – Privacy and Data Protection
The talk will provide a definition of privacy and will outline some conceptual frameworks for dealing with this notion. It will give an overview of the historical development of privacy as a social value. In practical examples we will then demonstrate the general need for privacy, particularly in connection with networked small devices and things of everyday life. We shall then touch upon data protection law and its current implementation in the EU data protection regulation. We will explain the impact of this for the computer engineer working with IoT and SCADA systems.
The slides are available as PDF.
Talk 14 – Architecture and Technologies for Privacy
The talk will introduce architectures and technologies with which privacy can be established. We will deal with architectural approaches towards system design and specification in general. Privacy by design techniques such as data minimization or privacy-preserving defaults will be presented. Finally, we discuss privacy-enhancing technologies to demonstrate that networked services can be designed in a manner that maximizes the privacy of their users. We will give examples of how these principles can and should be applied in the IoT domain.
The slides are available as PDF.
Talk 15 – Modeling field bus networks and model driven security analysis
We take a look at the basics of data modelling and how we can do it in our everyday life, using a general everyday example. We then take a general look at fieldbus systems and what we need in order to model these systems. Finally, we take a look at the basics of security analysis and how data modelling can help us perform security analysis.
The slides are available as PDF.
Talk 16 – Forensic analysis of IoT devices and field busses
In this lecture the basics of forensic analysis of IoT devices are taught. Special attention will be paid to the cryptographic keys contained in the devices and the available log data. Real situations and procedures are shown on different demonstration objects. On the technical side, the participants learn about the possibilities offered by forensics and which data is stored in which structures. Methodically, the participants will be enabled to conduct their own simple forensic investigations.
The slides are available as PDF.
Talk 17 – Challenges for Managing a University Campus
This lesson describes the challenge of running modern buildings, problems, risks, and barriers to flexible action. In particular, the unification of research and teaching on the one hand and secure operation on the other hand requires new approaches in business management.
Talk 18 – Guest lecture T-Systems MMS – Penetration testing
Workshop 1 – IoT Examples
We will have a look at IoT architectures with a special focus on security. We use LoRaWAN as an example for this.
The recording was made with the express permission of all participants.
The sample program is available for download.
Workshop 2 – Penetration Testing with an Industrial controller
For these workshops we put ourselves in the perspective of an attacker. The target of the attack is a DDC4200, which is often used to control building automation systems. We will examine the services running on the device, analyse the firmware of the device, and gain full access to it.
Workshop 3 – Analysis of KNX-bus Log Data
The workshop will apply acquired knowledge of building automation systems (the concrete example will be KNX). Participants will use real-world log data to consider, understand and finally answer a forensic question. The workshop will convey the possibilities of evaluating log data and take a look at what types of questions can be answered with the help of such data. For this we will work with database queries, and a basic introduction to working with databases will be given for that part. Besides log data we will use software tools that make it possible to interfere with and to record field bus communication. Open source versions as well as the commercial ETS software will be presented. The latter is the software that is used when KNX installations are being set up, but also to listen to communication on the system later on.
Workshop 4 – Measurements on the Physical Layer of the KNX-bus
For these workshops we will perform practical measurements on a multi-device test setup of a KNX network and have a look at how exactly data is encoded and transmitted on the electrical level. Going further, we will try to detect unknown devices as well as changes in the bus's physical topology. To do this, we will use a USB oscilloscope to capture waveforms being transmitted on the bus and then perform signal analysis using Matlab/Octave or similar tools/libraries.
- (Cross-) correlation
- Fourier transform
- Sample Solution as Jupyter Notebook
- Sample Solution for Google Colab
A Big Thank You!