Prof. Dr. Martin Schramm

Professor

Wissenschaftlicher Leiter Institut ProtectIT; Studiengangskoordinator des Bachelorstudiengangs Cyber Security; Mitglied der Prüfungskommission Weiterbildungszentrum


Sprechzeiten

Nach Vereinbarung (per E-Mail)


Zeitschriftenartikel
  • Michael Heigl
  • Enrico Weigelt
  • Andreas Urmann
  • D. Fiala
  • Martin Schramm
Exploiting the Outcome of Outlier Detection for Novel Attack Pattern Recognition on Streaming Data, vol. 10, pg. 2160.

In: Electronics

  • 2021

DOI: 10.3390/electronics10172160

Future-oriented networking infrastructures are characterized by highly dynamic Streaming Data (SD) whose volume, speed and number of dimensions increased significantly over the past couple of years, energized by trends such as Software-Defined Networking or Artificial Intelligence. As an essential core component of network security, Intrusion Detection Systems (IDS) help to uncover malicious activity. In particular, consecutively applied alert correlation methods can aid in mining attack patterns based on the alerts generated by IDS. However, most of the existing methods lack the functionality to deal with SD data affected by the phenomenon called concept drift and are mainly designed to operate on the output from signature-based IDS. Although unsupervised Outlier Detection (OD) methods have the ability to detect yet unknown attacks, most of the alert correlation methods cannot handle the outcome of such anomaly-based IDS. In this paper, we introduce a novel framework called Streaming Outlier Analysis and Attack Pattern Recognition, denoted as SOAAPR, which is able to process the output of various online unsupervised OD methods in a streaming fashion to extract information about novel attack patterns. Three different privacy-preserving, fingerprint-like signatures are computed from the clustered set of correlated alerts by SOAAPR, which characterizes and represents the potential attack scenarios with respect to their communication relations, their manifestation in the data’s features and their temporal behavior. Beyond the recognition of known attacks, comparing derived signatures, they can be leveraged to find similarities between yet unknown and novel attack patterns. The evaluation, which is split into two parts, takes advantage of attack scenarios from the widely-used and popular CICIDS2017 and CSE-CIC-IDS2018 datasets. Firstly, the streaming alert correlation capability is evaluated on CICIDS2017 and compared to a state-of-the-art offline algorithm, called Graph-based Alert Correlation (GAC), which has the potential to deal with the outcome of anomaly-based IDS. Secondly, the three types of signatures are computed from attack scenarios in the datasets and compared to each other. The discussion of results, on the one hand, shows that SOAAPR can compete with GAC in terms of alert correlation capability leveraging four different metrics and outperforms it significantly in terms of processing time by an average factor of 70 in 11 attack scenarios. On the other hand, in most cases, all three types of signatures seem to reliably characterize attack scenarios such that similar ones are grouped together, with up to 99.05% similarity between the FTP and SSH Patator attack.
  • Institut ProtectIT
  • DIGITAL
Zeitschriftenartikel
  • Michael Heigl
  • Kumar Anand
  • Andreas Urmann
  • D. Fiala
  • Martin Schramm
  • Robert Hable
On the Improvement of the Isolation Forest Algorithm for Outlier Detection with Streaming Data, vol. 10, pg. 1534.

In: Electronics

  • 2021

DOI: 10.3390/electronics10131534

In recent years, detecting anomalies in real-world computer networks has become a more and more challenging task due to the steady increase of high-volume, high-speed and high-dimensional streaming data, for which ground truth information is not available. Efficient detection schemes applied on networked embedded devices need to be fast and memory-constrained, and must be capable of dealing with concept drifts when they occur. Different approaches for unsupervised online outlier detection have been designed to deal with these circumstances in order to reliably detect malicious activity. In this paper, we introduce a novel framework called PCB-iForest, which generalized, is able to incorporate any ensemble-based online OD method to function on streaming data. Carefully engineered requirements are compared to the most popular state-of-the-art online methods with an in-depth focus on variants based on the widely accepted isolation forest algorithm, thereby highlighting the lack of a flexible and efficient solution which is satisfied by PCB-iForest. Therefore, we integrate two variants into PCB-iForest—an isolation forest improvement called extended isolation forest and a classic isolation forest variant equipped with the functionality to score features according to their contributions to a sample’s anomalousness. Extensive experiments were performed on 23 different multi-disciplinary and security-related real-world datasets in order to comprehensively evaluate the performance of our implementation compared with off-the-shelf methods. The discussion of results, including AUC, F1 score and averaged execution time metric, shows that PCB-iForest clearly outperformed the state-of-the-art competitors in 61% of cases and even achieved more promising results in terms of the tradeoff between classification and computational costs.
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
  • DIGITAL
Zeitschriftenartikel
  • Amar Almaini
  • A. Al Dubai
  • I. Romdhani
  • Martin Schramm
  • A. Alsarhan
Lightweight edge authentication for software defined networks

In: Computing (Special Issue)

  • 2020

DOI: 10.1007/s00607-020-00835-4

OpenFlow is considered as the most known protocol for Software Defined Networking (SDN). The main drawback of OpenFlow is the lack of support of new header definitions, which is required by network operators to apply new packet encapsulations. While SDN’s logically centralized control plane could enhance network security by providing global visibility of the network state, it still has many side effects. The intelligent controllers that orchestrate the dumb switches are overloaded and become prone to failure. Delegating some level of control logic to the edge or, to be precise, the switches can offload the controllers from local state based decisions that do not require global network wide knowledge. Thus, this paper, to the best of our knowledge, is the first to propose the delegation of typical security functions from specialized middleboxes to the data plane. We leverage the opportunities offered by programming protocol-independent packet processors (P4) language to present two authentication techniques to assure that only legitimate nodes are able to access the network. The first technique is the port knocking and the second technique is the One-Time Password. Our experimental results indicate that our proposed techniques improve the network overall availability by offloading the controller as well as reducing the traffic in the network without noticeable negative impact on switches’ performance.
  • Angewandte Informatik
  • Institut ProtectIT
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Laurin Dörr
  • Michael Heigl
  • D. Fiala
  • Martin Schramm
Comparison of Energy-Efficient Key Management Protocols for Wireless Sensor Networks, pg. 21-26.
  • 2019

DOI: 10.1145/3343147.3343156

A Wireless Sensor Network (WSN) contains small sensor nodes which monitor physical or environmental conditions. WSN is an important technology for digitalization of industrial periphery and is often used in environments which are not hardened against security impacts. These networks are easy to attack due to the open communication medium and low computing resources of the applied devices. Establishing security mechanisms is difficult while taking into account low energy consumption. Low cost sensors with limited resources make the implementation of cryptographic algorithms even more challenging. For WSNs cryptographic functions are needed without high impact on energy consumption and latency. Therefore, security in WSNs is a challenging field of research. This paper compares lightweight energy-efficient key exchange protocols which are suitable for WSN. The protocols were also implemented in WSN-capable Texas Instrument boards and the energy consumption was measured during the key exchange. This paper shows that schemes have to be chosen depending on the specific network requirements and that the usage of asymmetric cryptography does not always result in a high energy consumption.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • DIGITAL
  • NACHHALTIG
Beitrag (Sammelband oder Tagungsband)
  • Michael Heigl
  • Martin Schramm
  • D. Fiala
A Lightweight Quantum-Safe Security Concept for Wireless Sensor Network Communication, pg. 906-911.
  • 2019

DOI: 10.1109/PERCOMW.2019.8730749

The ubiquitous internetworking of devices in all areas of life is boosted by various trends for instance the Internet of Things. Promising technologies that can be used for such future environments come from Wireless Sensor Networks. It ensures connectivity between distributed, tiny and simple sensor nodes as well as sensor nodes and base stations in order to monitor physical or environmental conditions such as vibrations, temperature or motion. Security plays an increasingly important role in the coming decades in which attacking strategies are becoming more and more sophisticated. Contemporary cryptographic mechanisms face a great threat from quantum computers in the near future and together with Intrusion Detection Systems are hardly applicable on sensors due to strict resource constraints. Thus, in this work a future-proof lightweight and resource-aware security concept for sensor networks with a processing stage permeated filtering mechanism is proposed. A special focus in the concepts evaluation lies on the novel Magic Number filter to mitigate a special kind of Denial-of-Service attack performed on CC1350 LaunchPad ARM Cortex-M3 microcontroller boards.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • MOBIL
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Michael Heigl
  • Laurin Dörr
  • Martin Schramm
  • D. Fiala
On the Energy Consumption of Quantum-resistant Cryptographic Software Implementations Suitable for Wireless Sensor Networks, pg. 72-83.
  • 2019

DOI: 10.5220/0007835600720083

For an effective protection of the communication in Wireless Sensor Networks (WSN) facing e.g. threats by quantum computers in the near future, it is necessary to examine the applicability of quantum-resistant mechanisms in this field. It is the aim of this article to survey possible candidate schemes utilizable on sensor nodes and to compare the energy consumption of a selection of freely-available software implementations using a WSN-ready Texas Instruments CC1350 LaunchPad ARM® Cortex®-M3 microcontroller board.
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
  • DIGITAL
  • NACHHALTIG
Beitrag (Sammelband oder Tagungsband)
  • Robert Wildenauer
  • Karl Leidl
  • Martin Schramm
Hacking an optics manufacturing machine: You don't see it coming?!, pg. 11171071-11171076.
  • 2019

DOI: 10.1117/12.2526691

With more and more industrial devices getting inter-connected the attack surface for cyber attacks is increasing steadily. In this paper the possible approach of an attacker who got access to the office network at the Institute for Precision Manufacturing and High-Frequency Technology (IPH) to attack one of the optic machines that reside in another network segment is presented. Based on known vulnerabilities from the Common Vulnerabilities and Exposures (CVE), like the shellshock exploit or remote code execution with PsExec, for devices identified in the network, an attacker can bypass the firewall between the office network and the laboratory network and get full access to the HMI of the target machine.
  • Elektrotechnik und Medientechnik
  • TC Teisnach Sensorik
  • Institut ProtectIT
  • DIGITAL
Zeitschriftenartikel
  • Michael Heigl
  • Laurin Dörr
  • Nicolas Tiefnig
  • D. Fiala
  • Martin Schramm
A Resource-Preserving Self-Regulating Uncoupled MAC Algorithm to be Applied in Incident Detection, vol. 85, pg. 270-285.

In: Computers & Security

  • 2019

DOI: 10.1016/j.cose.2019.05.010

The connectivity of embedded systems is increasing accompanied with thriving technology such as Internet of Things/Everything (IoT/E), Connected Cars, Smart Cities, Industry 4.0, 5G or Software-Defined Everything. Apart from the benefits of these trends, the continuous networking offers hackers a broad spectrum of attack vectors. The identification of attacks or unknown behavior through Intrusion Detection Systems (IDS) has established itself as a conducive and mandatory mechanism apart from the protection by cryptographic schemes in a holistic security eco-system. In systems where resources are valuable goods and stand in contrast to the ever increasing amount of network traffic, sampling has become a useful utility in order to detect malicious activities on a manageable amount of data. In this work an algorithm – Uncoupled MAC – is presented which secures network communication through a cryptographic scheme by uncoupled Message Authentication Codes (MAC) but as a side effect also provides IDS functionality producing alarms based on the violation of Uncoupled MAC values. Through a novel self-regulation extension, the algorithm adapts it’s sampling parameters based on the detection of malicious actions. The evaluation in a virtualized environment clearly shows that the detection rate increases over runtime for different attack scenarios. Those even cover scenarios in which intelligent attackers try to exploit the downsides of sampling.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Amar Almaini
  • A. Al Dubai
  • I. Romdhani
  • Martin Schramm
Delegation of Authentication to the Data Plane in Software Defined Networks, pg. 58-65.
  • 2019

DOI: 10.1109/IUCC/DSCI/SmartCNS.2019.00038

OpenFlow is considered as the most known protocol for Software Defined Networking (SDN). The main drawback of OpenFlow is the lack of support of new header definitions, which is required by network operators to apply new packet encapsulations. While SDN's logically centralized control plane could enhance network security by providing global visibility of the network state, it still has many side effects. The intelligent controllers that orchestrate the dumb switches are overloaded and become prone to failure. Delegating some level of control logic to the switches can offload the controllers from local state based decisions that do not require global network-wide knowledge. Thus, this paper, to the best of our knowledge, is the first to propose the delegation of typical security functions from specialized middleboxes to the data plane. We leverage the opportunities offered by P4 language to implement the functionality of authenticating nodes using port knocking. Our experimental results indicate that our proposed technique improves the network overall availability by offloading the controller as well as reducing the traffic in the network without noticeable negative impact on switches' performance.
  • Angewandte Informatik
  • Institut ProtectIT
  • DIGITAL
Zeitschriftenartikel
  • Martin Schramm
  • R. Dojen
  • Michael Heigl
A Vendor-Neutral Unified Core for Cryptographic Operations in GF(p) and GF( 2m ) Based on Montgomery Arithmetic (Article ID 4983404), pg. 1-18.

In: Security and Communication Networks

  • 2018

DOI: 10.1155/2018/4983404

In the emerging IoT ecosystem in which the internetworking will reach a totally new dimension the crucial role of efficient security solutions for embedded devices will be without controversy. Typically IoT-enabled devices are equipped with integrated circuits, such as ASICs or FPGAs to achieve highly specific tasks. Such devices must have cryptographic layers implemented and must be able to access cryptographic functions for encrypting/decrypting and signing/verifying data using various algorithms and generate true random numbers, random primes, and cryptographic keys. In the context of a limited amount of resources that typical IoT devices will exhibit, due to energy efficiency requirements, efficient hardware structures in terms of time, area, and power consumption must be deployed. In this paper, we describe a scalable word-based multivendor-capable cryptographic core, being able to perform arithmetic operations in prime and binary extension finite fields based on Montgomery Arithmetic. The functional range comprises the calculation of modular additions and subtractions, the determination of the Montgomery Parameters, and the execution of Montgomery Multiplications and Montgomery Exponentiations. A prototype implementation of the adaptable arithmetic core is detailed. Furthermore, the decomposition of cryptographic algorithms to be used together with the proposed core is stated and a performance analysis is given.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Michael Heigl
  • Laurin Dörr
  • Amar Almaini
  • D. Fiala
  • Martin Schramm
Incident Reaction Based on Intrusion Detections’ Alert Analysis, pg. 1-6.
  • 2018

DOI: 10.23919/AE.2018.8501419

The protection of internetworked systems by cryptographic techniques have crystallized as a fundamental aspect in establishing secure systems. Complementary, detection mechanisms for instance based on Intrusion Detection Systems has established itself as a fundamental part in holistic security eco-systems in the previous years. However, the interpretation of and reaction on detected incidents is still a challenging task. In this paper an incident handling environment with relevant components and exemplary functionality is proposed that involves the processes from the detection of incidents over their analysis to the execution of appropriate reactions. An evaluation of a selection of implemented interacting components using technology such as OpenFlow or Snort generally proofs the concept.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • DIGITAL
Vortrag
  • Martin Schramm
A Practical Introduction to Cryptographic Engineering. [Invited Talk; eingeladen von Dalibor Fiala (PhD)]
  • 2018
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Martin Schramm
  • R. Dojen
  • Michael Heigl
Experimental assessment of FIRO- and GARO-based noise sources for digital TRNG designs on FPGAs, pg. 1-6.
  • 2017

DOI: 10.23919/AE.2017.8053618

The quality of TRNG designs mainly depends on the grade of the noise source from which the entropy will be harvested to extract randomness. Especially for purely digital noise sources suitable for FPGA implementations the use of Ring Oscillators is suggested in many scientific publications. Standard Ring Oscillator based noise sources however have earned some criticism regarding the amount of entropy generated. On this account different enhancements have been proposed, with Fibonacci Ring Oscillators (FIROs) and Galois Ring Oscillators (GAROs) being prominent examples, which under some circumstances are able to sustain a chaotic oscillation suitable for entropy extraction. This paper deals with the assessment of fully constrained FIRO and GARO noise source designs for a specific target FPGA. Due to the restrictive placement of ring elements the assessment yielded new criteria for choosing proper FIRO/GARO feedback configurations and an enhanced sampling method for entropy extraction has been derived.
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Laurin Dörr
  • D. Fiala
  • Michael Heigl
  • Martin Schramm
Assessment simulation model for uncoupled message authentication
  • 2017

DOI: 10.23919/AE.2017.8053580

Today's trend of an increasing number of networked embedded devices pervades many areas. Ranging from home automation, industrial or automotive applications with a large number of different protocols, low resources and often high demands on real-time make it difficult to secure the communication of such systems. A concept of an uncoupled MAC which is able to ensure the authenticity and integrity of communication flows between two network parties can be used. This is in particular of advance for outdated legacy components still participating in the network. In this paper a assessment simulation model of the mechanism behind this technology is described. It outlines the probability of detecting an attack depending on the message authentication overhead. The model considers all control variables and performs measurements based on random data traffic. The results of the statistical analysis state that a high attack detection rate can be obtained even with a small communication overhead.
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
  • DIGITAL
Beitrag (Sammelband oder Tagungsband)
  • Michael Heigl
  • Martin Schramm
  • Laurin Dörr
  • Andreas Grzemba
Embedded Plug-In Devices to Secure Industrial Network Communications
  • 2016
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
  • DIGITAL
Vortrag
  • Martin Schramm
  • Andreas Grzemba
Trusted Computing Concepts for Resilient Embedded Networks. International Workshop on Engineering Cyber Security and Resilience

In: 2014 ASE Bigdata/SocialCom/Cybersecurity Conference

  • 2014
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
Resilience in Embedded Industrial Networks

In: Trusted Computing Group Members Meeting 2014

  • 2014
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
Vortrag
  • Martin Schramm
Embedded Trusted Computing on ARM-based Systems

In: Security Forum 2014

  • 2014
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Andreas Grzemba
On the Implementation of a Lightweight Generic FPGA ECC Crypto-Core over GF(p)

In: IEEE Applied Electronics International Conference

  • 2013
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Karl Leidl
  • Andreas Grzemba
  • N. Kuntze
Enhanced Embedded Device Security by Combining Hardware-Based Trust Mechanisms. Poster-Session

In: ACM Conference on Computer and Communications Security

  • 2013
  • Institut ProtectIT
  • TC Teisnach Sensorik
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Andreas Grzemba
On the Implementation of an Efficient Multiplier Logic for FPGA-based Cryptographic Applications

In: IEEE Applied Electronics International Conference

  • 2013
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Andreas Grzemba
Reconfigurable Trust for Embedded Computing Platforms

In: IEEE Applied Electronics International Conference

  • 2012
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
Vortrag
  • Karl Leidl
  • Martin Schramm
  • Andreas Grzemba
The Establishment of High Degrees of Trust in a Linux Environment

In: Embedded World International Conference 2012

  • 2012
  • TC Teisnach Sensorik
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
Vortrag
  • Martin Schramm
  • Andreas Grzemba
Trustworthy Building Blocks for a More Secure Embedded Computing Environment

In: Applied Electronics International Conference

  • 2011
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Andreas Grzemba
  • et al.
Utilizing a State-of-the-art Trust Anchor in Order to Increase the Trustworthiness of Embedded Platforms

In: Embedded World International Conference 2011

  • 2011
  • Elektrotechnik und Medientechnik
  • Institut ProtectIT
Vortrag
  • Martin Schramm
  • Andreas Grzemba
The Benefits of Combining Trusted Computing with Virtualization Techniques

In: Applied Electronics International Conference

  • 2010
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik
Vortrag
  • Martin Schramm
  • Andreas Grzemba
The Benefits of Combining Trusted Computing with Virtualization Techniques

In: IEEE International Conference on Applied Electronics 2010

  • 2010
  • Institut ProtectIT
  • Elektrotechnik und Medientechnik

Projekte

Institut ProtectIT


Labore

IT-Security


Kernkompetenzen

  • Angewandte Kryptographie (ECC, PBC, PQC)
    • Elliptische Kurven Kryptographie
    • Paarungsbasierte Kryptographie
    • Post-Quanten-Kryptographie
    • Leichtgewichtige Kryptographie
  • Distributed-Ledger-Technologien
  • FPGA-Programmierung
  • Sicherheitsaspekte im Bereich autonomes Fahren
  • Security Mechanismen in industriellen Netzwerken
  • Trusted Computing Technologien (TPM, TNC)


Vita

  • seit 2017: Leitung des Institut ProtectIT - Protection for Industrial Technologies
  • seit 2017: Professor an der Technischen Hochschule Deggendorf, Fakultät Angewandte Informatik
  • seit 2014: Freier Mitarbeiter für die ProtectEM GmbH
  • 2012 - 2016: Kooperative Promotion, University of Limerick, Irland
  • 2010 – 2011: Masterstudium Master’s Degree by Research an Thesis, University of Limerick, Irland, Studienabschluss: M.Eng.
  • 2006 - 2010: Bachelorstudium Mechatronik (Schwerpunkt Mechatronische Systeme), Hochschule für angewandte Wissenschaften Deggendorf, Studienabschluss: B.Eng.


Sonstiges

  • Wissenschaftlicher Leiter Institut ProtectIT
  • Studiengangskoordinator des Bachelorstudiengangs Cyber Security
  • Mitglied der Prüfungskommission Weiterbildungszentrum