Research Associate / Postdoctoral Researcher
Contact: +49 (0) 6151 / 1620945 | linsner@peasec.tu-darmstadt.de
Technische Universität Darmstadt, Department of Computer Science, Science and Technology for Peace and Security (PEASEC), Pankratiusstraße 2, 64289 Darmstadt, Room 115
Dr.-Ing. Sebastian Linsner is a research associate and postdoctoral researcher at the Chair of Science and Technology for Peace and Security (PEASEC) in the Department of Computer Science at Technische Universität Darmstadt. He conducted research on the resilient digitalization of agriculture, in particular in the BMBF project HyServ on realizing hybrid services, and now works in the DFG Collaborative Research Centre CROSSING and in the ATHENE project PriVis.
He studied Applied Computer Science (B.Sc.) at Ruhr-Universität Bochum, as well as Computer Science (M.Sc.) and IT Security (M.Sc.) at TU Darmstadt. In 2024 he received his doctorate (Dr.-Ing.) at PEASEC with the thesis "Privacy Preserving Data Management: Assisting Users in Data Disclosure Scenarios".
Publications
2025
@book{linsner_privacy_2025,
address = {Wiesbaden, Germany},
title = {Privacy {Preserving} {Data} {Management} – {Assisting} {Users} in {Data} {Disclosure} {Scenarios}},
publisher = {Springer Vieweg},
author = {Linsner, Sebastian},
year = {2025},
keywords = {DissPublisher, Projekt-ATHENE-PriVis, Projekt-CROSSING, Security, UsableSec},
}
2024
@inproceedings{chandran_encrypted_2024,
address = {Salt Lake City, USA},
title = {Encrypted {MultiChannel} {Communication} ({EMC2}): {Johnny} should use secret sharing},
booktitle = {23. {Workshop} on {Privacy} in the {Electronic} {Society} ({WPES}'24)},
publisher = {ACM},
author = {Chandran, Gowri R. and Demuth, Kilian and Edalatnejad, Kasra and Linsner, Sebastian and Reuter, Christian and Schneider, Thomas},
month = oct,
year = {2024},
}
@article{demuth_support_2024,
title = {Support {Personas}: {A} {Concept} for {Tailored} {Support} of {Users} of {Privacy}-{Enhancing} {Technologies}},
url = {https://petsymposium.org/popets/2024/popets-2024-0142.pdf},
abstract = {In many applications and websites people use in their everyday life, their privacy and data is threatened, e.g., by script tracking during browsing. Although researchers and companies have developed privacy-enhancing technologies (PETs), they are often difficult to use for lay users. In this paper, we conducted a literature review to classify users into different support personas based on their privacy competence and privacy concern. With developers of PETs in mind, support personas were envisioned to facilitate the customization of software according to the support needs of different users. In order to demonstrate the usefulness of support personas and based on workshop sessions with 15 participants, we designed a browser extension which supports users with the issue of script tracking by providing different user interfaces for different support personas. The following qualitative evaluation with 31 participants showed that the developed UI elements worked as intended for the different support personas. Therefore, we conclude the concept of support personas is useful in the development process of usable applications that enhance the privacy of the users while also educating them and thus potentially increasing their privacy literacy.},
number = {4},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Demuth, Kilian and Linsner, Sebastian and Biselli, Tom and Kaufhold, Marc-André and Reuter, Christian},
year = {2024},
keywords = {Security, UsableSec, HCI, Projekt-CROSSING, A-Paper, Projekt-ATHENE-PriVis, Ranking-CORE-A},
}
@article{kuntke_geobox_2024,
title = {{GeoBox}: {Design} and {Evaluation} of a {Tool} for {Resilient} and {Decentralized} {Data} {Management} in {Agriculture}},
volume = {43},
issn = {0144-929X},
url = {https://peasec.de/paper/2023/2023_KuntkeKaufholdLinsnerReuter_GeoBox_BIT.pdf},
doi = {10.1080/0144929X.2023.2185747},
abstract = {Farm Management Information Systems (FMIS) are an important core component of modern farming companies as they allow, e.g., to document activities, create fertilization plans, and feed digital equipment with required data. Since the entire agricultural sector is an essential component of food production, high standards of resilience should be established in the involved companies. Accordingly, the used software should also be designed with high standards on reliability and crisis capability. Based on a literature review, we found that software for farmers with certain resilience needs is lacking. Thus, we designed and evaluated a new FMIS concept with the user-centered design method. By conducting focus groups (two rounds, total N=57) in 2017 and 2019, we raised specific front-end and back-end requirements of farmers. Based on the requirements, we developed our concept for both front- and back-end in terms of a decentralized and offline-working FMIS. Through the evaluation with practitioners (N=16) of the implemented concept, we derived findings and implications, highlighting the need for privacy, stability, and offline-capability, as well as the UI-requirement to be supportive, e.g., with easy to understand icons and terms.},
number = {4},
journal = {Behaviour \& Information Technology (BIT)},
author = {Kuntke, Franz and Kaufhold, Marc-André and Linsner, Sebastian and Reuter, Christian},
month = mar,
year = {2024},
note = {Publisher: Taylor \& Francis},
keywords = {Projekt-AgriRegio, Projekt-GeoBox, Security, UsableSec, A-Paper, AuswahlUsableSec, Selected, Ranking-CORE-A, Ranking-ImpactFactor},
pages = {764--786},
}
@article{linsner_decision-based_2024,
title = {Decision-based {Data} {Distribution} ({D}³): {Enabling} {Users} to {Minimize} {Data} {Propagation} in {Privacy}-sensitive {Scenarios}},
issn = {2299-0984},
url = {https://petsymposium.org/popets/2024/popets-2024-0113.php},
doi = {10.56553/popets-2024-0113},
abstract = {In many scenarios users have to communicate sensitive data with third parties such as doctors, lawyers, insurance companies, social workers or online shops. Handing over personal data is necessary to use those services but the delegation of tasks to increase efficiency still poses the risk that personal data might be leaked. To minimize this risk and further enhance the privacy of users, we propose an interaction concept that uses layered encryption of messages to provide a trade-off between privacy and usability. Users can choose which data is additionally encrypted in an inner layer, say, for the eyes of their doctor only, and which data is available in an outer (encrypted or unencrypted) layer for all staff members. Another benefit is the hiding of sensitive data from package inspection or crawling algorithms over emails, while less critical parts can still be processed by these systems via the partial access. To investigate this concept, we derive relevant use cases for form-based communication over email from a quantitative pre-study with 1011 participants, showing that general practitioners are the most suitable use case. We developed demonstrators for this use case and evaluated them in a qualitative study with 42 participants. Our results show that the possibility of minimizing the propagation of sensitive data through additional encryption is highly appreciated and the usage of form-based communication is a promising approach for the digital transformation.},
number = {4},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Linsner, Sebastian and Demuth, Kilian and Fischlin, Marc and Reuter, Christian},
year = {2024},
keywords = {Security, UsableSec, HCI, Projekt-CROSSING, A-Paper, Selected, Projekt-ATHENE-PriVis, Ranking-CORE-A},
}
@article{linsner_building_2024,
title = {Building {Trust} in {Remote} {Attestation} {Through} {Transparency} – {A} {Qualitative} {User} {Study} on {Observable} {Attestation}},
issn = {0144-929X},
url = {https://doi.org/10.1080/0144929X.2024.2374889},
doi = {10.1080/0144929X.2024.2374889},
abstract = {Internet of Things (IoT) devices have become increasingly important within the smart home domain, making the security of the devices a critical aspect. The majority of IoT devices are black-box systems running closed and pre-installed firmware. This raises concerns about the trustworthiness of these devices, especially considering that some of them are shipped with a microphone or a camera. Remote attestation aims at validating the trustworthiness of these devices by verifying the integrity of the software. However, users cannot validate whether the attestation has actually taken place and has not been manipulated by an attacker, raising the need for HCI research on trust and understandability. We conducted a qualitative study with 35 participants, investigating trust in the attestation process and whether this trust can be improved by additional explanations in the application. We developed an application that allows users to attest a smart speaker using their smartphone over an audio channel to identify the attested device and observe the attestation process. In order to observe the differences between the applications with and without explanations, we performed A/B testing. We discovered that trust increases when additional explanations of the technical process are provided, improving the understanding of the attestation process.},
journal = {Behaviour \& Information Technology},
author = {Linsner, Sebastian and Demuth, Kilian and Surminski, Sebastian and Davi, Lucas and Reuter, Christian},
year = {2024},
note = {Publisher: Taylor \& Francis},
keywords = {Security, Projekt-CROSSING, A-Paper, Projekt-ATHENE-PriVis, Ranking-ImpactFactor, Usable security},
pages = {1--21},
}
@book{linsner_privacy_2024,
address = {Darmstadt, Germany},
title = {Privacy {Preserving} {Data} {Management} – {Assisting} {Users} in {Data} {Disclosure} {Scenarios}},
publisher = {Dissertation (Dr.-Ing.), Department of Computer Science, Technische Universität Darmstadt},
author = {Linsner, Sebastian},
year = {2024},
keywords = {Security, UsableSec, Projekt-CROSSING, Projekt-ATHENE-PriVis, Dissertation},
}
2023
@incollection{steinbrink_privacy_2023,
address = {Cham},
title = {Privacy {Perception} and {Behaviour} in {Safety}-{Critical} {Environments}},
isbn = {978-3-031-28643-8},
url = {https://doi.org/10.1007/978-3-031-28643-8_12},
abstract = {When considering privacy, context, and environmental circumstances can have a strong influence on individual decisions and user behavior. Especially in crises or threatening situations, privacy may conflict with other values, such as personal safety and health. In other cases, personal or public safety can also be dependent on privacy: the context of flight shows how, for those affected, the value of data protection can increase as a result of an increased threat situation. Thus, when individual sovereignty—the autonomous development of one’s own will—or safety is highly dependent on information flows, people tend to be more protective of their privacy in order to maintain their information sovereignty. But also, the context of agriculture, as part of the critical infrastructure, shows how privacy concerns can affect the adoption of digital tools. With these two examples, flight and migration as well as agriculture, this chapter presents some exemplary results that illustrate the importance of the influence of situational factors on perceived information sovereignty and the evaluation of privacy.},
booktitle = {Human {Factors} in {Privacy} {Research}},
publisher = {Springer International Publishing},
author = {Steinbrink, Enno and Biselli, Tom and Linsner, Sebastian and Herbert, Franziska and Reuter, Christian},
editor = {Gerber, Nina and Stöver, Alina and Marky, Karola},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-ATHENE-FANCY, Projekt-CROSSING, Projekt-GRKPrivacy},
pages = {237--251},
}
@inproceedings{surminski_scatt-man_2023,
address = {New York, NY, USA},
series = {{CODASPY} '23},
title = {{SCAtt}-man: {Side}-{Channel}-{Based} {Remote} {Attestation} for {Embedded} {Devices} that {Users} {Understand}},
isbn = {9798400700675},
url = {https://doi.org/10.1145/3577923.3583652},
doi = {10.1145/3577923.3583652},
abstract = {From the perspective of end-users, IoT devices behave like a black box: As long as they work as intended, users will not detect any compromise. Users have minimal control over the software. Hence, it is very likely that the user misses that illegal recordings and transmissions occur if a security camera or a smart speaker is hacked. In this paper, we present SCAtt-man, the first remote attestation scheme that is specifically designed with the user in mind. SCAtt-man deploys software-based attestation to check the integrity of remote devices, allowing users to verify the integrity of IoT devices with their smartphones. The key novelty of SCAtt-man resides in the utilization of user-observable side-channels such as light or sound in the attestation protocol. Our proof-of-concept implementation targets a smart speaker and an attestation protocol that is based on a data-over-sound protocol. Our evaluation demonstrates the effectiveness of SCAtt-man against a variety of attacks and its usability based on a user study with 20 participants.},
booktitle = {Proceedings of the {Thirteenth} {ACM} {Conference} on {Data} and {Application} {Security} and {Privacy}},
publisher = {Association for Computing Machinery},
author = {Surminski, Sebastian and Niesler, Christian and Linsner, Sebastian and Davi, Lucas and Reuter, Christian},
year = {2023},
keywords = {Security, UsableSec, HCI, Projekt-CROSSING, Ranking-CORE-B},
pages = {225--236},
}
2022
User experience is of increasing relevance for the development of digital design decisions and therefore has far-reaching effects on user behavior. This work shows that, particularly for security and confidentiality, this is not only an advantage but can also influence users negatively. To this end, it considers the topics of anti-patterns, grey patterns, and dark patterns. Anti-patterns are recurring solutions for a user interface concept that, despite good intentions, have undesired side effects or consequences. Dark patterns, by contrast, are design decisions that use deception or the exploitation of psychological pressure to try to induce users to take actions from which the creators of the dark pattern benefit more than the users. The term grey patterns is used in this work for all design patterns that cannot be directly assigned to either category. Since there are so far hardly any comparative works and no consensus on these topics, the aim of this work is to establish a basic model. Through an examination of the existing literature, a summarizing taxonomy and a procedure for distinguishing anti-patterns from dark patterns are developed, which can serve as a basis for further work and for the development of countermeasures.
@inproceedings{buhleier_klassifikation_2022,
address = {Darmstadt},
series = {Mensch und {Computer} 2022 - {Workshopband}},
title = {Eine {Klassifikation} sicherheitskritischer {UX}-{Design}-{Patterns}},
url = {https://dl.gi.de/handle/20.500.12116/39087},
doi = {10.18420/muc2022-mci-ws10-275},
abstract = {User Experience ist von zunehmender Relevanz für die Entwicklung digitaler Designentscheidungen und hat somit weitgehende Auswirkungen auf das Nutzerverhalten. Dass dies besonders für die Sicherheit und Vertraulichkeit nicht nur von Vorteil sein kann, sondern Nutzer*innen negativ beeinflussen kann, wird in dieser Arbeit ersichtlich. Betrachtet werden dafür die Themengebiete Anti-Patterns, Grey Patterns und Dark-Patterns. Anti-Patterns bezeichnen wiederkehrende Lösungen für ein Konzept eines User Interfaces, die trotz guter Intention ungewünschte Nebeneffekte oder Konsequenzen haben. Dark-Patterns dagegen stellen Designentscheidungen dar, die durch Täuschung oder Ausnutzung psychischen Drucks versuchen Nutzer*innen zu Handlungen zu verleiten, von denen die Ersteller*innen des Dark-Patterns mehr profitieren als die Anwender*innen. Der Begriff Grey Patterns wird in dieser Arbeit für alle Design Patterns genutzt, die sich nicht direkt zuordnen lassen. Da es bisher kaum vergleichende Werke und keinen Konsens zu diesen Themengebieten gibt, ist das Ziel dieser Arbeit ein grundlegendes Modell aufzustellen. Dabei wird durch die Untersuchung bestehender Literatur eine zusammenfassende Taxonomie und ein Vorgehen zur Unterscheidung von Anti-Patterns und Dark-Patterns erarbeitet, die als Grundlage für weitere Arbeiten und zur Entwicklung von Gegenmaßnahmen genutzt werden können.},
language = {de},
booktitle = {Mensch und {Computer} 2022 - {Workshopband}},
publisher = {Gesellschaft für Informatik},
author = {Buhleier, Laura and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
year = {2022},
keywords = {Student, Security, UsableSec, HCI, Projekt-CROSSING, Projekt-GRKPrivacy},
}
@article{kuntke_resilience_2022,
title = {Resilience in {Agriculture}: {Communication} and {Energy} {Infrastructure} {Dependencies} of {German} {Farmers}},
volume = {13},
issn = {2192-6395},
url = {https://link.springer.com/article/10.1007/s13753-022-00404-7},
doi = {10.1007/s13753-022-00404-7},
abstract = {Agriculture is subject to high demands regarding resilience as it is an essential component of the food production chain. In the agricultural sector, there is an increasing usage of digital tools that rely on communication and energy infrastructures. Should disruption occur, such strengthened dependencies on other infrastructures increase the probability of ripple effects. Thus, there is a need to analyze the resilience of the agricultural sector with a specific focus on the effects of digitalization. This study works out resilience capacities of the interconnected technologies used in farm systems based on the experiences and opinions of farmers. Information was gathered through focus group interviews with farmers (N = 52) and a survey with participants from the agricultural sector (N = 118). In particular, the focus is put on the digital tools and other information and communication technologies they use. Based on a definition of resilience capacities, we evaluate resilience regarding energy and communication demands in various types of farm systems. Especially important are the resilience aspects of modern systems’ digital communication as well as the poorly developed and nonresilient network infrastructure in rural areas that contrast with the claim for a resilient agriculture. The result is a low robustness capacity, as our analysis concludes with the risk of food production losses.},
number = {2},
journal = {International Journal of Disaster Risk Science (IJDRS)},
author = {Kuntke, Franz and Linsner, Sebastian and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
month = apr,
year = {2022},
keywords = {Projekt-AgriRegio, Projekt-GeoBox, RSF, Security, A-Paper, Selected, Ranking-ImpactFactor, Projekt-HyServ, Ranking-CORE-B, Projekt-GRKPrivacy},
pages = {214--229},
}
@article{kuntke_lorawan_2022,
title = {{LoRaWAN} {Security} {Issues} and {Mitigation} {Options} by the {Example} of {Agricultural} {IoT} {Scenarios}},
volume = {33},
issn = {2161-3915},
url = {https://www.peasec.de/paper/2022/2022_KuntkeRomanenkoLinsnerSteinbrinkReuter_LoRaWANsecurityAgriculture_ETT.pdf},
doi = {10.1002/ett.4452},
abstract = {The Internet of Things (IoT) is a major trend that is seen as a great opportunity to improve efficiency in many domains, including agriculture. This technology could transform the sector, improving the management and quality of agricultural operations, for example, crop farming. The most promising data transmission standard for this domain seems to be Long Range Wide Area Network (LoRaWAN), a popular representative of low power wide area network technologies today. LoRaWAN, like any wireless protocol, has properties that can be exploited by attackers, which has been a topic of multiple research papers in recent years. By conducting a systematic literature review, we build a recent list of attacks, as well as collect mitigation options. Taking a look at a concrete use case (IoT in agriculture) allows us to evaluate the practicality of both exploiting the vulnerabilities and implementing the countermeasures. We detected 16 attacks that we grouped into six attack types. Along with the attacks, we collect countermeasures for attack mitigation. Developers can use our findings to minimize the risks when developing applications based on LoRaWAN. These mostly theoretical security recommendations should encourage future works to evaluate the mitigations in practice.},
number = {5},
journal = {Transactions on Emerging Telecommunications Technologies (ETT)},
author = {Kuntke, Franz and Romanenko, Vladimir and Linsner, Sebastian and Steinbrink, Enno and Reuter, Christian},
month = may,
year = {2022},
keywords = {Student, Projekt-AgriRegio, Projekt-GeoBox, RSF, Security, A-Paper, Ranking-ImpactFactor, Projekt-HyServ, Projekt-GRKPrivacy},
pages = {e4452},
}
@article{linsner_supporting_2022,
title = {Supporting {Users} in {Data} {Disclosure} {Scenarios} in {Agriculture} through {Transparency}},
volume = {41},
url = {http://www.peasec.de/paper/2022/2022_LinsnerSteinbrinkKuntkeFrankenReuter_SupportingDataDisclosureScenariosAgriculture_BIT.pdf},
doi = {10.1080/0144929X.2022.2068070},
abstract = {Business collaboration in the era of digital transformation requires the exchange of operational data. Since data are hardly controllable once they have been published or shared with others, it is highly important that users are clearly informed about who has access to which data and how certain settings can prevent the disclosure of sensitive data. However, giving end users more control over their data through increased transparency could also lead to information overload. This is particularly true in the field of agriculture, where tight schedules put pressure on employees of small enterprises. We conduct an empirical prestudy with 52 German farmers to investigate current data sharing scenarios. From these insights, we derive requirements and a concept for data sharing solutions providing data flow transparency for users. To investigate the behavior of users and the effects of transparent UI controls, we evaluate a prototype with 18 persons. Our evaluation shows that farmers demand flexible and secure tools that adjust to their workflows. Also, data should be stored and processed locally, granting farmers data sovereignty. Although the controls require additional effort, the evaluated transparent controls for data disclosure are easy to use and raise user awareness.},
number = {10},
journal = {Behaviour \& Information Technology (BIT)},
author = {Linsner, Sebastian and Steinbrink, Enno and Kuntke, Franz and Franken, Jonas and Reuter, Christian},
year = {2022},
keywords = {Projekt-AgriRegio, RSF, Security, UsableSec, A-Paper, Ranking-CORE-A, Ranking-ImpactFactor, Projekt-HyServ, Projekt-GRKPrivacy},
pages = {2137--2159},
}
2021
In the HyServ project, agricultural services are understood as a hybrid of a classic work order and a data processing order, covering both the order and the result. Hybrid services with tamper-proof agreements and technical control mechanisms build greater trust in intensive data exchange and innovative forms of production in complex cooperations. Considering conventional physical work and data processing together enables novel agricultural services: instead of the mere activity, the achievement of defined goals can be agreed upon and documented in a verifiable way. Results that only become apparent after a longer period can thus also be included in the agreed service and remunerated based on success. Such success-oriented services combine execution and guarantees and thereby open up new forms of risk distribution and innovative business models, especially in critical times.
@inproceedings{bernardi_erfolgsorientierte_2021,
title = {Erfolgsorientierte {Dienstleistung}: {Neue} {Perspektiven} für die landwirtschaftliche {Arbeitsteilung} durch hybride {Dienstleistungen}},
url = {https://peasec.de/paper/2021/2021_Bernardietal_ErfolgsorientierteDienstleistung_GIL.pdf},
abstract = {In the HyServ project, agricultural services are understood as a hybrid of a classic work order and a data processing order, covering both the order and the result. Hybrid services with tamper-proof agreements and technical control mechanisms build greater trust in intensive data exchange and innovative forms of production in complex cooperations. Considering conventional physical work and data processing together enables novel agricultural services: instead of the mere activity, the achievement of defined goals can be agreed upon and documented in a verifiable way. Results that only become apparent after a longer period can thus also be included in the agreed service and remunerated based on success. Such success-oriented services combine execution and guarantees and thereby open up new forms of risk distribution and innovative business models, especially in critical times.},
booktitle = {41. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
publisher = {Gesellschaft für Informatik},
author = {Bernardi, Ansgar and Becker, Sandra and Struve, Carsten and Linsner, Sebastian and Reuter, Christian and Müller, Georg},
editor = {Meyer-Aurich, Andreas and Gandorfer, Markus and Hoffmann, Christa and Weltzien, Cornelia and Bellingrath-Kimura, Sonoko D. and Floto, Helga},
year = {2021},
keywords = {Projekt-HyServ, Ranking-VHB-C},
pages = {37},
}
Reliable IT-based communication in agriculture is becoming increasingly important for regular operations. If, for example, a farmer is in the field during a local crisis, such as an outage of the mobile network or of the farm's internet access, an alternative communication channel is needed to maintain a connection to IT components and required data. With increasing digitalization, low-power wide-area network (LPWAN) technologies are used more and more often, for example to build sensor networks. The LPWAN technologies in use offer long range and can largely be operated self-sufficiently, but do not allow classic TCP/IP communication. In this work, a popular LPWAN technology, namely LoRaWAN, is experimentally supplemented with AX.25 on OSI layer 2 (data link layer) to allow end devices TCP/IP-based communication over long distances. The evaluation shows that classic low-bandwidth applications are thus functional and can enable crisis-capable data transmission on farms.
@inproceedings{kuntke_low_2021,
address = {Meyer-Aurich, Andreas Gandorfer, Markus Hoffmann, Christa Weltzien, Cornelia Bellingrath-Kimura, Sonoko D. Floto, Helga},
title = {Low {Power} {Wide} {Area} {Networks} ({LPWAN}) für krisentaugliche {Datenübertragung} in landwirtschaftlichen {Betrieben}},
url = {http://www.peasec.de/paper/2021/2021_KuntkeSinnLinsnerReuter_LowPowerWideAreaNetworks_GIL.pdf},
abstract = {Reliable IT-based communication in agriculture is becoming increasingly important for regular operations. If, for example, a farmer is in the field during a local crisis, such as an outage of the mobile network or of the farm's internet access, an alternative communication channel is needed to maintain a connection to IT components and required data. With increasing digitalization, low-power wide-area network (LPWAN) technologies are used more and more often, for example to build sensor networks. The LPWAN technologies in use offer long range and can largely be operated self-sufficiently, but do not allow classic TCP/IP communication. In this work, a popular LPWAN technology, namely LoRaWAN, is experimentally supplemented with AX.25 on OSI layer 2 (data link layer) to allow end devices TCP/IP-based communication over long distances. The evaluation shows that classic low-bandwidth applications are thus functional and can enable crisis-capable data transmission on farms.},
booktitle = {41. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft}},
publisher = {Gesellschaft für Informatik},
author = {Kuntke, Franz and Sinn, Marcel and Linsner, Sebastian and Reuter, Christian},
editor = {Meyer-Aurich, Andreas and Gandorfer, Markus and Hoffmann, Christa and Weltzien, Cornelia and Bellingrath-Kimura, Sonoko D. and Floto, Helga},
year = {2021},
keywords = {Projekt-GeoBox, Security, Projekt-HyServ, Ranking-VHB-C},
pages = {193--198},
}
Technological progress can disrupt domains and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk. Having insight into the business data of others along the supply chain provides an advantage in terms of market position. This is particularly true in agriculture, where there is already a significant imbalance of power between actors. A multitude of small and medium-sized farming businesses are opposed by large upstream and downstream players that drive technological innovation. Further weakening the market position of farmers could lead to severe consequences for the entire sector. We found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other hand, privacy itself influences adoption of digital tools. Our study sheds light on the emerging challenges for farmers and the role of privacy in the process of digitalization in agriculture.
@article{linsner_role_2021,
title = {The {Role} of {Privacy} in {Digitalization} – {Analysing} the {German} {Farmers}' {Perspective}},
volume = {2021},
url = {https://www.petsymposium.org/2021/files/papers/issue3/popets-2021-0050.pdf},
doi = {10.2478/popets-2021-0050},
abstract = {Technological progress can disrupt domains and change the way we work and collaborate. This paper presents a qualitative study with 52 German farmers that investigates the impact of the ongoing digitalization process in agriculture and discusses the implications for privacy research. As in other domains, the introduction of digital tools and services leads to the data itself becoming a resource. Sharing this data with products along the supply chain is favored by retailers and consumers, who benefit from traceability through transparency. However, transparency can pose a privacy risk. Having insight into the business data of others along the supply chain provides an advantage in terms of market position. This is particularly true in agriculture, where there is already a significant imbalance of power between actors. A multitude of small and medium-sized farming businesses are opposed by large upstream and downstream players that drive technological innovation. Further weakening the market position of farmers could lead to severe consequences for the entire sector. We found that on the one hand, privacy behaviors are affected by adoption of digitalization, and on the other hand, privacy itself influences adoption of digital tools. Our study sheds light on the emerging challenges for farmers and the role of privacy in the process of digitalization in agriculture.},
number = {3},
journal = {Proceedings on Privacy Enhancing Technologies (PoPETs)},
author = {Linsner, Sebastian and Kuntke, Franz and Steinbrink, Enno and Franken, Jonas and Reuter, Christian},
year = {2021},
keywords = {Projekt-GeoBox, Security, UsableSec, HCI, A-Paper, AuswahlUsableSec, Selected, Ranking-CORE-A, Ranking-ImpactFactor, Projekt-HyServ, Projekt-GRKPrivacy},
pages = {334--350},
}
2019
Division of labor and cooperation are essential components of agriculture that have evolved continuously throughout history. Advancing digitalization in agriculture is now once again enabling innovation and new kinds of cooperation. Modern services, such as optimized logistics or environmentally friendly cultivation, increasingly combine machine work and data services into inseparable hybrid services. In the course of this, detailed agreements are made regarding the operational data to be provided and the use of the measurements collected during the service. Within the HyServ project, service concepts and interfaces are being developed that allow the actors to retain sovereignty over their own data and still create cooperative service contracts. For this purpose, decentralized structures with cryptographically secured exchange are established, which serve as infrastructure for orchestrated microservices and smart contracts.
@inproceedings{bernardi_hybride_2019,
address = {Vienna, Austria},
title = {Hybride {Dienstleistungen} in digitalisierten {Kooperationen} in der {Landwirtschaft}},
url = {http://gil-net.de/Publikationen/139_25-30.pdf},
abstract = {Division of labor and cooperation are essential components of agriculture that have evolved continuously throughout history. Advancing digitalization in agriculture is now once again enabling innovation and new kinds of cooperation. Modern services, such as optimized logistics or environmentally friendly cultivation, increasingly combine machine work and data services into inseparable hybrid services. In the course of this, detailed agreements are made regarding the operational data to be provided and the use of the measurements collected during the service. Within the HyServ project, service concepts and interfaces are being developed that allow the actors to retain sovereignty over their own data and still create cooperative service contracts. For this purpose, decentralized structures with cryptographically secured exchange are established, which serve as infrastructure for orchestrated microservices and smart contracts.},
booktitle = {39. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft} {Fokus}; {Digitalisierung} für landwirtschaftliche {Betriebe} in kleinstrukturierten {Regionen} – ein {Widerspruch} in sich?, {Lecture} {Notes} in {Informatics} ({LNI})},
publisher = {Gesellschaft für Informatik},
author = {Bernardi, Ansgar and Reuter, Christian and Schneider, Wolfgang and Linsner, Sebastian and Kaufhold, Marc-André},
editor = {Meyer-Aurich, A.},
year = {2019},
keywords = {RSF, HCI, Infrastructure, Projekt-HyServ, Ranking-CORE-C, Ranking-VHB-C},
pages = {25--30},
}
Digitalization, which proceeds in all branches, as well in agriculture, by using new technology, sensors and networking, requires responsible usage of data. One possibility to manage data and use them to create value is the blockchain-technology. It is primary enforced by the food industries and consumers to ensure traceability and transparency. To put blockchain-technology into beneficial use in agriculture, this domain has to be analyzed regarding social and business aspects. This paper presents the results of a qualitative study where 41 actors from the agricultural domain participated in focus groups and delivered a written statement. It was found that farmers are interested in adapting new markets and technologies early to get an economic advantage. On the other hand, the fear of losing traditional local business partners and the social surroundings of the farmers must be considered.
@inproceedings{linsner_blockchain_2019,
address = {Hamburg, Germany},
title = {Blockchain in der {Landwirtschaft} 4.0 - {Empirische} {Studie} zu {Erwartungen} von {Landwirt}\_innen gegenüber dezentralen {Services} auf {Basis} von {Distributed} {Ledger} {Technology}},
url = {https://dl.acm.org/citation.cfm?id=3340799},
doi = {10.1145/3340764.3340799},
abstract = {Digitalization, which proceeds in all branches, as well in agriculture, by using new technology, sensors and networking, requires responsible usage of data. One possibility to manage data and use them to create value is the blockchain-technology. It is primary enforced by the food industries and consumers to ensure traceability and transparency. To put blockchain-technology into beneficial use in agriculture, this domain has to be analyzed regarding social and business aspects. This paper presents the results of a qualitative study where 41 actors from the agricultural domain participated in focus groups and delivered a written statement. It was found that farmers are interested in adapting new markets and technologies early to get an economic advantage. On the other hand, the fear of losing traditional local business partners and the social surroundings of the farmers must be considered.},
booktitle = {Mensch und {Computer} - {Tagungsband}},
publisher = {ACM},
author = {Linsner, Sebastian and Kuntke, Franz and Schmidbauer-Wolf, Gina Maria and Reuter, Christian},
editor = {Alt, Florian and Bulling, Andreas and Döring, Tanja},
year = {2019},
keywords = {Projekt-GeoBox, HCI, Projekt-CROSSING, Projekt-CRISP, Projekt-MAKI, Projekt-HyServ, Cooperation},
pages = {103--113},
}
The Internet of Things (IoT) has a significant impact on agriculture. So-called Smart Farming uses drones and a variety of sensors to measure climate, irrigation, soil moisture or GPS position. With this rapid influx of technology increases the threat that vulnerabilities in those technologies are being exploited for malicious intent. To show the impact of cyberattacks on agriculture, we present a simulation of several attacks on a ZigBee-based wireless sensor network. We conduct a delay attack, an interference attack and three different routing attacks (sinkhole, blackhole and selective forwarding attack). Those attacks are simulated using NETA with the OMNET++ framework. We will show that the security of WSN is influenced by factors like energy consumption or computation power, which can conflict with other interests like low per-unit costs.
@inproceedings{linsner_vulnerability_2019,
address = {Wien, Austria},
title = {Vulnerability {Assessment} in the {Smart} {Farming} {Infrastructure} through {Cyberattacks}},
url = {http://gil-net.de/Publikationen/139_119.pdf},
abstract = {The Internet of Things (IoT) has a significant impact on agriculture. So-called Smart Farming uses drones and a variety of sensors to measure climate, irrigation, soil moisture or GPS position. With this rapid influx of technology increases the threat that vulnerabilities in those technologies are being exploited for malicious intent. To show the impact of cyberattacks on agriculture, we present a simulation of several attacks on a ZigBee-based wireless sensor network. We conduct a delay attack, an interference attack and three different routing attacks (sinkhole, blackhole and selective forwarding attack). Those attacks are simulated using NETA with the OMNET++ framework. We will show that the security of WSN is influenced by factors like energy consumption or computation power, which can conflict with other interests like low per-unit costs.},
booktitle = {39. {GIL}-{Jahrestagung}: {Informatik} in der {Land}-, {Forst}- und {Ernährungswirtschaft} {Fokus}; {Digitalisierung} für landwirtschaftliche {Betriebe} in kleinstrukturierten {Regionen} – ein {Widerspruch} in sich?, {Lecture} {Notes} in {Informatics} ({LNI})},
publisher = {Gesellschaft für Informatik},
author = {Linsner, Sebastian and Varma, Rashmi and Reuter, Christian},
editor = {Meyer-Aurich, A.},
year = {2019},
keywords = {Student, Projekt-GeoBox, RSF, Security, Projekt-CROSSING, Infrastructure, Projekt-HyServ, Ranking-CORE-C, Ranking-VHB-C},
pages = {119--124},
}