Hans-Joachim Hof

Jakob Löw, Vishwa Vasu, Thomas Hutzelmann et al.

ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable.

Jakob Löw, Lukas Eder, Alexander Müller et al.

Modern charging communication standards for electric vehicles include optional security controls such as TLS-based authentication and encryption. However, with tens of thousands of fast charging points deployed in any given country, individually testing each one for security control support is infeasible. This paper proposes a scalable, extrapolation-based methodology for assessing charging station cybersecurity at a national level. A market analysis identifies operator-manufacturer pairs, enabling the targeted selection of charging stations for field testing, whose results can then be extrapolated to all stations sharing the same combination. We demonstrate this methodology for Germany, covering over 40000 CCS charging points as of December 2025. With a manageable number of field tests, our extrapolated data examines 51.9\% of german CCS charging stations. It shows that only 27.4\% of charging stations in our scope provide TLS-protected communication, despite widespread theoretical support.

Christoph Ponikwar, Hans-Joachim Hof, Smriti Gopinath et al.

In recent time, the standards for Vehicular Ad-hoc Networks (VANETs) and Intelligent Transportation Systems (ITSs) matured and scientific and industry interest is high especially as autonomous driving gets a lot of media attention. Autonomous driving and other assistance systems for cars make heavy use of VANETs to exchange information.They may provide more comfort, security and safety for drivers. However, it is of crucial importance for the user's trust in these assistance systems that they could not be influenced by malicious users. VANETs are likely attack vectors for such malicious users, hence application-specific security requirements must be considered during the design of applications using VANETs. In literature, many attacks on vehicular communication have been described but attacks on specific vehicular networking applications are often missing. This paper fills in this gap by describing standardized vehicular networking applications, defining and extending previous attacker models, and using the resulting new models to characterize the possible attackers interested in the specific vehicular networking application. The attacker models presented in this paper hopefully provide great benefit for the scientific community and industry as they allow to compare security evaluations of different works, characterize attackers, their intentions and help to plan application-specific security controls for vehicular networking applications.

Christoph Ponikwar, Hans-Joachim Hof

Major standardization bodies developed and designed systems that should be used in vehicular ad-hoc networks. The Institute of Electrical and Electronics Engineers (IEEE) in America designed the wireless access in vehicular environments (WAVE) system. The European Telecommunications Standards Institute (ETSI) did come up with the "ITS-G5" system. Those Vehicular Ad-hoc Networks (VANETs) are the basis for Intelligent Transportation Systems (ITSs). They aim to efficiently communicate and provide benefits to people, ranging from improved safety to convenience. But different design and architectural choices lead to different network properties, especially security properties that are fundamentally depending on the networks architecture. To be able to compare different security architectures, different proposed approaches need to be discussed. One problem in current research is the missing focus on different approaches for trust establishment in VANETs. Therefore, this paper surveys different security issues and solutions in VANETs and we furthermore categorize these solutions into three basic trust defining architectures: centralized, decentralized and hybrid. These categories represent how trust is build in a system, i.e., in a centralized, decentralized way or even by combining both opposing approaches to a hybrid solution, which aims to inherit the benefits of both worlds. This survey defines those categories and finds that hybrid approaches are underrepresented in current research efforts.

Christoph Pohl, Michael Meier, Hans-Joachim Hof

Honeypots are used in IT Security to detect and gather information about ongoing intrusions, e.g., by documenting the approach of an attacker. Honeypots do so by presenting an interactive system that seems just like a valid application to an attacker. One of the main design goals of honeypots is to stay unnoticed by attackers as long as possible. The longer the intruder interacts with the honeypot, the more valuable information about the attack can be collected. Of course, another main goal of honeypots is to not open new vulnerabilities that attackers can exploit. Thus, it is necessary to harden the honeypot and the surrounding environment. This paper presents Apate, a Linux Kernel Module (LKM) that is able to log, block and manipulate system calls based on preconfigurable conditions like Process ID (PID), User Id (UID), and many more. Apate can be used to build and harden High Interaction Honeypots. Apate can be configured using an integrated high level language. Thus, Apate is an important and easy to use building block for upcoming High Interaction Honeypots.

Christoph Pohl, Hans-Joachim Hof

Nowadays, the use of agile software development methods like Scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture, and instructions for security implementation (e.g., specification of key sizes and cryptographic algorithms to use). Agile software development methods like Scrum are known for reducing the initial planning phases (e.g., sprint 0 in Scrum) and for focusing more on producing running code. Scrum is also known for allowing fast adaption of the emerging software to changes of customer wishes. For security, this means that it is likely that there are no detailed security architecture or security implementation instructions from the start of the project. It also means that a lot of design decisions will be made during the runtime of the project. Hence, to address security in Scrum, it is necessary to consider security issues throughout the whole software development process. Secure Scrum is a variation of the Scrum framework with special focus on the development of secure software throughout the whole software development process. It puts emphasis on implementation of security related issues without the need of changing the underlying Scrum process or influencing team dynamics. Secure Scrum allows even non- security experts to spot security issues, to implement security features, and to verify implementations. A field test of Secure Scrum shows that the security level of software developed using Secure Scrum is higher then the security level of software developed using standard Scrum.

Rainer Falk, Steffen Fries, Hans-Joachim Hof

With the advent of the smart energy grid - an energy transportation and distribution network being combined with an IT network for its monitoring and control - information security has gained tremendous importance for energy distribution and energy automa- tion systems. Integrated security functionality is crucial to ensure a reliable and continuous operation of the smart energy grid. Further security related challenges arise from the integration of millions of smart homes into the smart grid. This paper gives an overview of the smart energy grid environment and its challenges. Many future use cases are centered around the smart home, using an ICT gateway. Approaches to protect the access and data exchange are described, preventing manipulation of ICT gateway operation. The paper presents ASIA - an Authentication, Session Invocation, and Authorization component to be used in the smart energy grid, to protect ICT gateways and to cope with problems like ICT gateway discovery and ICT gateway addressing.

Christoph Pohl, Hans-Joachim Hof

Timing attacks are a challenge for current intrusion detection solutions. Timing attacks are dangerous for web applications because they may leak information about side channel vulnerabilities. This paper presents a massive-multi-sensor zero-configuration Intrusion Detection System that is especially good at detecting timing attacks. Unlike current solutions, the proposed Intrusion Detection System uses a huge number of sensors for attack detection. These sensors include sensors automatically inserted into web application or into the frameworks used to build web applications. With this approach the Intrusion Detection System is able to detect sophisticated attacks like timing attacks or other brute-force attacks with increased accuracy. The proposed massive-multi-sensor zero-configuration intrusion detection system does not need specific knowledge about the system to protect, hence it offers zero-configuration capability.

Rainer Falk, Steffen Fries, Hans-Joachim Hof

Using communication services is a common part of everyday life in a personal or business context. Communication services include Internet services like voice services, chat service, and web 2.0 technologies (wikis, blogs, etc), but other usage areas like home energy management and eMobility are will be increasingly tackled. Such communication services typically authenticate participants. For this identities of some kind are used to identify the communication peer to the user of a service or to the service itself. Calling line identification used in the Session Initiation Protocol (SIP) used for Voice over IP (VoIP) is just one example. Authentication and identification of eCar users for accounting during charging of the eCar is another example. Also, further mechanisms rely on identities, e.g., whitelists defining allowed communication peers. Trusted identities prevent identity spoofing, hence are a basic building block for the protection of communication. However, providing trusted identities in a practical way is still a difficult problem and too often application specific identities are used, making identity handling a hassle. Nowadays, many countries introduced electronic identity cards, e.g., the German "Elektronischer Personalausweis" (ePA). As many German citizens will possess an ePA soon, it can be used as security token to provide trusted identities. Especially new usage areas (like eMobility) should from the start be based on the ubiquitous availability of trusted identities. This paper describes how identity cards can be integrated within three domains: home energy management, vehicle-2-grid communication, and SIP-based voice over IP telephony. In all three domains, identity cards are used to reliably identify users and authenticate participants. As an example for an electronic identity card, this paper focuses on the German ePA.

Hans-Joachim Hof

Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mechanisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in insecure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence software providers may decide to better have no security mechanism then one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and systems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the afterthought of an afterthought. Software developers are missing guidelines on how to build security mechanisms with good usability for end users. This paper presents some guidelines that should help software developers to improve end user usability of security-related mechanisms, and analyzes common applications based on these guidelines.

Alexander Schmidtke, Hans-Joachim Hof

Unsolicited email (spam) is still a problem for users of the email service. Even though current email anti-spam solutions filter most spam emails, some spam emails still are delivered to the inbox of users. A special class of spam emails advertises websites, e.g., online dating sites or online pharmacies. The success rate of this kind of advertisement is rather low, however, as sending an email does only involve minimal costs, even a very low success rate results in enough revenue such that this kind of advertisement pays off. The anti-spam approach presented in this paper aims on increasing the costs for websites that are advertised by spam emails and on lowering the revenues from spam. Costs can be increased for a website by increasing traffic. Revenues can be decreased by making the website slow responding, hence some business gets lost. To increase costs and decreased revenues a decentralized peer-to-peer coordination mechanism is used to have mail clients to agree on a start date and time for an anti-spam campaign. During a campaign, all clients that received spam emails advertings a website send an opt-out request to this website. A huge number of opt-out requests results in increased traffic to this website and will likely result in a slower responsibility of the website. The coordination mechanism presented in this paper is based on a peer-to-peer mechanisms and a so-called paranoid trust model to avoid manipulation by spammers. An implementation for the Thunderbird email client exist. The anti-spam approach presented in this paper breaks the economy of spam, hence makes advertisement by unsolicited emails unattractive.

Hans-Joachim Hof

Nowadays, advanced security mechanisms exist to protect data, systems, and networks. Most of these mechanisms are effective, and security experts can handle them to achieve a sufficient level of security for any given system. However, most of these systems have not been designed with focus on good usability for the average end user. Today, the average end user often struggles with understanding and using security mecha-nisms. Other security mechanisms are simply annoying for end users. As the overall security of any system is only as strong as the weakest link in this system, bad usability of IT security mechanisms may result in operating errors, resulting in inse-cure systems. Buying decisions of end users may be affected by the usability of security mechanisms. Hence, software provid-ers may decide to better have no security mechanism then one with a bad usability. Usability of IT security mechanisms is one of the most underestimated properties of applications and sys-tems. Even IT security itself is often only an afterthought. Hence, usability of security mechanisms is often the after-thought of an afterthought. This paper presents some guide-lines that should help software developers to improve end user usability of security-related mechanisms, and analyzes com-mon applications based on these guidelines. Based on these guidelines, the usability of email encryption is analyzed and an email encryption solution with increased usability is presented. The approach is based on an automated key and trust man-agement. The compliance of the proposed email encryption solution with the presented guidelines for usable security mechanisms is evaluated.