The Internet of Things (IoT) allows the collection and communication of data from physical things as well as sending and receiving commands for interaction and actuation. Thus, it is one of the key enablers for digitalization and indispensable to seizing promised potentials like increasing the efficiency of processes. As a result, the IoT grows continuously, expands in dedicated strains like the Industrial IoT (IIoT) for industry or the Consumer IoT for everyday applications, and comes in touch with more and more sensitive data and commands, making it a sweet spot for attackers. Therefore, a secure and safe operation is essential to protect, e.g., workers laboring in the operating space of machines and the environment, which were shown to suffer from the misoperation of critical IIoT deployments. As a foundation for such a secure and safe operation IIoT protocols nowadays include security features. However, it is unclear whether these developments of protocol specifications lead to a secure IIoT in practice or whether and why insecure deployments remain in operation. In this dissertation, we address the open research gap of the current uncertainty on IIoT security and encourage secure-by-default deployments. To this end, we first set out to assess the security of today’s IIoT. Second, we analyze the pitfalls that hinder operators from operating securely despite the existence of secure protocols. Last, we propose novel approaches to help operators secure their future deployments. Our first three contributions show from various angles that the majority of Internet-exposed IIoT deployments are insecurely configured, independently of their potential deployment date and the protocol used being either secure-by-design or retrofitted. For example, 92% of 1,114 Internet-exposed OPC UA deployments suffer from deficient security configurations. Similarly, only a minority of 6.5% of 967,551 deployments protect their communication via Transport Layer Security (TLS). Even if deployments implement secure communication, they are often only seemingly secure: Most prominently, various deployments reuse compromised secrets, neglecting any security benefits. In our fourth contribution, we trace this problem back to modern technologies like containerization that ease deployment processes but also disguise security issues. Specifically, we analyze 337,171 public container images and show that 8.5% of them include secrets. Even more alarming, 275,269 TLS and SSH hosts on the Internet rely their authentication on these secrets. To overcome such issues, in our last two contributions, we (i) propose ColPSA that—without requiring security expertise—gives deployment-agnostic security advice to users after crowdsourcing configuration possibilities and (ii) present LUA-IoT, our user-friendly authentication scheme for the whole IoT, that reduces the configuration barrier for secure communication and enables automatic certificate enrollment to IoT deployments. Our contributions underpin the vast amount of issues in IIoT security despite the existence of strong security features in today’s protocol specifications and sketch countermeasures to tackle the identified pitfalls that operators tap into when configuring their deployments. Overall, this dissertation encourages shifting from secure-by-design to secure-by-default protocols and establishes two approaches as a foundation to support operators in configuring today’s protocols.

Following the advent of the Internet of Things (IoT), users and their devices transmit sensitive data over the Internet. For the Web, Let’s Encrypt offers a usable foundation to safeguard such data by straightforwardly issuing certificates. However, its approach is not directly applicable to the IoT as deployments lack a (dedicated) domain or miss essentials to prove domain ownership required for Let’s Encrypt. Thus, a usable approach to secure IoT deployments by properly authenticating IoT devices is missing. To close this research gap, we propose LUA-IoT, our framework to Let’s Usably Authenticate the IoT. LUA-IoT enables autonomous certificate enrollment by orienting at the success story of Let’s Encrypt, seamlessly integrating in the setup process of modern IoT devices, and relying on process steps that users already know from other domains. In the end, LUA-IoT binds the authenticity of IoT deployments to a globally valid user identifier, e.g., an email address, that is included in certificates directly issued to the IoT deployments. We exemplarily implement LUA-IoT to show that it is realizable on commodity IoT hardware and conduct a small user study indicating that LUA-IoT indeed nudges users to safeguard their devices and data (transmissions).

The increasing demands on the power grid require intelligent and flexible solutions that ensure the grid’s stability. Many of these measures involve sophisticated communication between the control center and the stations that is not efficiently realizable using traditional protocols, e.g., IEC 60870-5-104. To this end, IEC 61850 introduces data models which allow flexible communication. Still, the specification leaves open how DSOs should interconnect their stations to realize resilient communication between the control center and station devices. However, DSOs require such communication to adapt modern solutions increasing the grid’s capacity, e.g., adaptive protection systems. In this paper, we present our envisioned network and communication concept for future DSO’s ICT infrastructures that enables the control center to resiliently and flexibly communicate with station devices. For resilience, we suggest interconnecting each station with two distinct communication paths to the control center, use MPLS-TP and MPTCP for fast failovers when a single link fails, and mTLS to protect the communication possibilities against misuse. Additionally, in accordance with IEC 61850, we envision the control center to communicate with the station devices using MMS by using the station RTU as a proxy.

Advances like Industry 4.0 lead to a rising number of Internet-connected industrial deployments and thus an Industrial Internet of Things with growing attack vectors. To uphold a secure and safe operation of these deployments, industrial protocols nowadays include security features, e.g., end-to-end secure communication. However, so far, it is unclear how well these features are used in practice and which obstacles might prevent operators from securely running their deployments. In this research description paper, we summarize our recent research activities to close this gap. Specifically, we show that even secure-by-design protocols are by far no guarantee for secure deployments. Instead, many deployments still open the doors for eavesdropping attacks or malicious takeovers. Additionally, we give an outlook on how to overcome identified obstacles allowing operators to configure their deployments more securely.

Internet-wide studies provide extremely valuable insight into how operators manage their Internet of Things (IoT) deployments in reality and often reveal grievances, e.g., significant security issues. However, while IoT devices often use IPv6, past studies resorted to comprehensively scan the IPv4 address space. To fully understand how the IoT and all its services and devices is operated, including IPv6-reachable deployments is inevitable-although scanning the entire IPv6 address space is infeasible. In this paper, we close this gap and examine how to best discover IPv6-reachable IoT deployments. To this end, we propose a methodology that allows combining various IPv6 scan direction approaches to understand the findability and prevalence of IPv6-reachable IoT deployments. Using three sources of active IPv6 addresses and eleven address generators, we discovered 6658 IoT deployments. We derive that the available address sources are a good starting point for finding IoT deployments. Additionally, we show that using two address generators is sufficient to cover most found deployments and save time as well as resources. Assessing the security of the deployments, we surprisingly find similar issues as in the IPv4 Internet, although IPv6 deployments might be newer and generally more up-to-date: Only 39% of deployments have access control in place and only 6.2% make use of TLS inviting attackers, e.g., to eavesdrop sensitive data.