Publications and Talks

Selected Entries:
book projects with Wiley-IEEE, Springer-Vieweg, and Galileo Press;
scientific papers at Springer Annals of Telecommunications (ANTE), 37th IEEE LCN, WILEY Security and Communication Networks, 12th and 13th IFIP CMS
Talks at the hacking/professional events: HITB, TROOPERS, Datenspuren, DFN Workshop, Chaos Singularity (CoSin), MetaRheinMain ChaosDays (MRMCD), VDI Fachkonferenz Industrial IT Security, Chemnitzer Linuxtage (2013 and 2014), Secure Linux Administration Conference (SLAC).

Books

[no cover] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, and K. Szczypiorski:
Information Hiding in Communication Networks: Fundamentals, Mechanisms, and Applications,
WILEY-IEEE, 2015.
Cover S-V S. Wendzel:
Tunnel und verdeckte Kanäle im Netz, 1st edition,
Springer-Vieweg, 2012.
Cover J. Plötner, S. Wendzel:
Linux. Das umfassende Handbuch, 5th edition,
Galileo Press, 2012. (1st edition: 2006)
Cover Johannes P., S. Wendzel:
Praxisbuch Netzwerk-Sicherheit, 2nd edition,
Galileo Press, 2007. (1st edition: 2005)
Cover S. Wendzel, J. Plötner:
Einstieg in Linux, 6th edition,
Galileo Press, 2014. (1st edition: 2004)

Book Chapters

  • Steffen Wendzel, Jörg Keller:
    Einführung in die Forschungsthematik der verdeckten Kanäle,
    In: Informationstechnologie und Sicherheitspolitik – Wird der dritte Weltkrieg im Internet ausgetragen?, BoD, pp. 91-102, October 2012.


Edited Publications

Scientific Publications


Submitted / Work in Progress:
  • Steffen Wendzel, Sebastian Zander, Bernhard Fechner, Christian Herdin:
    A Pattern-based Survey and Categorization of Network Covert Channel Techniques (submitted)

Journal Articles



Conference/Workshop Publications
Technical Reports / Other Academic Publications
  • Jaspreet  Kaur, Michael Meier, Sebastian Szlósarczyk, Steffen Wendzel:
    A Cost-Efficient Building Automation Security Testbed for Educational Purposes,
    poster at SECURWARE 2014, Lisbon, 2014. (to appear)
  • Jaspreet Kaur, Steffen Wendzel:
    Realization and Experiences with a Low-Cost Building Automation Security Testbed for Educational Purpose,
    CSCUB, Bonn, 2014.
  • Steffen Wendzel, Sebastian Szlósarczyk, Michael Meier:
    IT-Sicherheit in der Gebäude-Automation,
    Forschungsbericht des Fraunhofer FKIE, 2014 (to appear).
  • Steffen Wendzel:
    Control Protocols for Network Covert Channels,
    7th GI FG SIDAR Graduierten-Workshop über Reaktive Sicherheit (SPRING), SIDAR-Report SR-2012-01, page 24, Berlin, 2012.
  • Thomas Rist, Steffen Wendzel, Elisabeth André, Masood Masoodian:
    IT4SE – IT for smart renewable energy generation and use. News from a German - New Zealand Research Cooperation within the BMBF-funded APRA Initiative,
    Forschungsbericht der Hochschule Augsburg, pp. 59-66, October 2011.
  • Steffen Wendzel:
    Protocol Channels,
    Kempten University of Applied Sciences, July 2009.
Theses

Professional Publications

  • to appear: Kirsten Messer-Schmidt, Dirk Rösler, Christopher Ruppricht, Heinrich Seebauer, Steffen Wendzel
    Mit kritischen ITK-Systemen bewusst umgehen: ein Lösungsansatz des Arbeitskreis KRITIS (Gesellschaft für Informatik),
    digitalbusiness CLOUD, 8/14, pp. 40-41, 2014.
  • Steffen Wendzel:
    Exfiltration vertrauenswürdiger Daten - Protektionsmaßnahmen hinken den modernen Techniken der Angreifer hinterher,
    digitalbusiness CLOUD, 2/14, p. 37, 2014.
  • Steffen Wendzel:
    Gefahrenpotential der Netzwerksteganografie,
    IT-SICHERHEIT, 6/2013, pp. 58-59, 2013.
  • Steffen Wendzel:
    Sicherheitsaspekte in der Gebäude-Automation. Perspektiven der Personenüberwachung,
    IT-SICHERHEIT 3/2013, pp. 70-72, 2013.
  • Benjamin Kahler, Steffen Wendzel:
    How to own a Building? Wardriving gegen die Gebäude-Automation,
    20. DFN Workshop „Sicherheit in vernetzten Systemen“, pp. H1-H13, 2013.
  • Steffen Wendzel:
    Verdeckte Kommunikation in Gebäuden. Analyse der Gefahren und eine Middleware-basierte  Gegenmaßnahme,
    BusSysteme Magazin, 03/2012, pp. 182-183, 2012.
  • Steffen Wendzel, Thomas Rist, Roman Wirth, Elisabeth André, Masood Masoodian:
    Sicherheit beim Energiesparen durch Abstraktion,
    BusSysteme Magazin 2/2012, pp. 124-125, 2012.
  • Roland Koch, Steffen Wendzel:
    Social Network Security, pt. 2,
    Hakin9 (en), 1/12, 2012.
  • Steffen Wendzel, Roland Koch:
    Social Network Security, pt. 1,
    Hakin9 (en), 1/12, 2012.
  • Steffen Wendzel:
    Bewusstsein für Sicherheit im Bereich der Gebäudeautomatisierung,
    Hakin9 (de), 3/2011, pp. 11-12, 2011.
  • Steffen Wendzel:
    Protocol Channels,
    Hakin9 (en) 06/2009.
  • Steffen Wendzel:
    Intrusion Detection über Benutzerprofile,
    Hakin9 05/2008.
  • Steffen Wendzel:
    Protocol Hopping Covert Channels,
    Hakin9 03/2008.
  • Steffen Wendzel:
    Forensik nach Angriffen auf Linux-Systeme,
    Hakin9 06/2007.
  • Steffen Wendzel:
    Abhärtung von Linux/BSD Systemen. Eine Einführung,
    Hakin9 04/2007.
  • Steffen Wendzel:
    Hostbasierte Intrusion Detection -- Ein Einblick,
    Hakin9 02/2007.
  • Steffen Wendzel:
    Firewalls umgehen mit Protokoll-Tunneling,
    Hakin9 01/2007.
  • Johannes Plötner, Steffen Wendzel:
    Versionsverwaltung,
    Linux-User 10/06.
  • Johannes Plötner, Steffen Wendzel:
    Auszüge aus 'Linux. Das umfassende Handbuch',
    Linux Magazin 04/06.
  • Steffen Wendzel:
    Xyria:CDPNNTPd,
    FreeX 5/05.
  • Steffen Wendzel:
    Das Allround-Genie Z-Shell,
    FreeX 6/03.
  • Steffen Wendzel:
    sysctl in OpenBSD,
    FreeX 5/03.

Talks (Selection)

  • scheduled: "TBA",
    TBA Event Name, Mannheim, 2014-11-06.
  • "Hidden and Uncontrolled: The Emergence of Network Steganography",
    ISSE 2014, Brussels, 2014-10-14.
  • "Area of Interest on Trustworthy (Hyperconnected) Infrastructure (of NIS-P. WG3): Short Progress Report",
    Seminar on Road-mapping Cybersecurity Research and Innovation, Florence, 2014-10-08.
  • "Netzwerksicherheit in BACnet-Systemen",
    GLT Anwendertagung, Dresden, 2014-09-25.
  • "BACnet Security and Botnets",
    SANS European ICS Security Summit, Amsterdam, 2014-09-22.
  • "Alice's Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment",
    Hack in the Box (HITB), Amsterdam, 2014-05-29/30.
  • "Smart Insecure Buildings",
    ITEC 2014 (International Training and Education Conference), Cologne, 2014-05-21.
  • "Smart Industrial Buildings: Sicherheit für Automation und Management von Gebäuden",
    2. VDI Fachkonferenz Industrial IT Security, Frankfurt, 2014-05-07.
  • "Area of Interest on Trustworthy (Hyperconnected) Infrastructures",
    NIS Platform WG3 Meeting, Brussels, 2014-04-49.
  • taking part at the panel "Towards defining priorities for cybersecurity research in Horzon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT - Research and Innovation of the NIS Platform"
    Trust in the Digital World Conference (TDW), Vienna, 2014-04-08.
  • "Envisioning Smart Building Botnets",
    GI Sicherheit 2014, Vienna, 2014-03-21.
  • "Data Leakage Protection: Zukünftige Herausforderungen zur Sicherung von Vertraulichkeit",
    Chemnitzer Linuxtage 2014, Chemnitz, 2014-03-15/16.
  • "Zukünftige Herausforderungen für die Sicherheit Smarter Gebäude",
    21th DFN Workshop „Sicherheit in vernetzten Systemen“, Hamburg, 2014-02-18.
  • "Currently Addressed Challenges in Smart Building Security Research at Fraunhofer FKIE",
    9th IT4SE Workshop, Augsburg, 2013-12-06.
  • Keynote: "Nach dem Angriff: Versteckte Exfiltration vertraulicher Daten",
    Heise Events Konferenztag "Prism, Tempora und Co. – Rezepte gegen den Abhörwahn"
    , Köln, 2013-12-03.
  • "Hiding Privacy Leaks in Android Applications Using Low-Attention Raising Covert Channels",
    ECTCM Workshop @ ARES'13, Regensburg, 2013-09-04.
  • "Novel Approaches for Network Covert Storage Channels"
    PhD thesis defense talk at the University of Hagen, Hagen, 2013-05-07.
  • "Novel Approaches for Network Covert Channels"
    Invited talk at Fraunhofer FKIE, Bonn, 2013-04-18.
  • "Covert Channel-internal Control Protocols"
    Oberseminar at TUHH, Hamburg, 2013-04-16.
  • "Ich weiß, was du letzte Woche getan hast! Seitenkanäle in der Gebäudeautomation",
    Chemnitzer Linuxtage 2013, Chemnitz, Mar-17-2013.
  • "The future of data exfiltration and malicious communication",
    TROOPERS'13, Heidelberg, Mar-13-2013.
  • "Sicherheit in Sozialen Netzwerken",
    Mitgliederversammlung Genossenschaftsbank Unterallgäu, Ottobeuren, Mar-21-2013.
  • "Datenschutz und Datensicherheit im Zeitalter Sozialer Netzwerke",
    Forum Mindelheim/Genossenschaftsbank Unterallgäu eG, Mindelheim, Mar-18-2013.
  • "Dynamic Routing in Covert Channel Overlays Based on Control Protocols",
    International Workshop on Information Security, Theory and Practice (ISTP-2012), London, UK, Dec-10-2012.
  • "IT4SE Building Automation Security Research"
    6th IT4SE Workshop, Augsburg, Nov-30-2012.
  • "Covert Channels and their Prevention in Building Automation Protocols – A Prototype Exemplified Using BACnet",
    2nd Workshop on Security of Systems and Software Resiliency, Besançon, France, Nov-20-2012.
  • "Systematic Engineering of Control Protocols for Covert Channels",
    13th Conference on Communications and Multimedia Security (CMS), Canterbury, England, Sep-04-2012.
  • "Control Protocols for Network Covert Channels",
    7th GI FG SIDAR Graduierten-Workshop über Reaktive Sicherheit (SPRING), Berlin, Jul-06-2012.
  • "Covert and Side Channels in Buildings and the Prototype of a Building-aware Active Warden",
    First IEEE Workshop on Security and Forensics in Communication Systems, Ottawa, Canada, Jun-15-2012.
  • "Security in building automation systems and the prevention of malicious data communication in building automation networks",
    5th IT4SE Workshop, Hochschule Augsburg, Jun-06-2012.
  • "Usability Aspects of BAS Forensics",
    5th IT4SE Workshop, Hochschule Augsburg, Jun-06-2012.
  • "Design and Implementation of an Active Warden Addressing Protocol Switching Covert Channels",
    7th ICIMP Conference (IARIA), Stuttgart, May-28-2012.
  • "Sicherheit im Bereich der Gebäudeautomation",
    Linux-Informationstag der LUGA, Augsburg, Mar-24-2012.
  • "The Problem of Traffic Normalization Within a Covert Channel's Network Environment Learning Phase"
    GI Sicherheit 2012, Darmstadt, Mar-08-2012.
  • "Micro protocols and dynamic protocol switches in network covert channels",
    Swinburne University (Gastvortrag), Melbourne, Jan-12-2012.
  • "A Secure Interoperable Architecture for Building-Automation Applications",
    4th International Symposium on Applied Sciences in Biomedical and Communication Technologies, Barcelona, Spain, Oct-27-2011.
  • "Low-attention forwarding for mobile network covert channels",
    IFIP 12th Communications and Multimedia Security (CMS) 2011, Ghent, Belgium, Oct-21-2011.
  • "Verdeckte Kanäle: Informationen durch die Hintertür",
    Datenspuren 2011, Dresden, Oct-15-2011. [Video Recording]
  • "Verdeckte Kanäle - Neuland für freie Software",
    Open-Source-Treffen München, Jul-22-2011.
  • "Aktuelle Techniken und Methoden der verdeckten Kommunikationskanäle",
    Chaos Singularity (CoSin) 2011, Biel, Switzerland, Jun-25-2011.
  • "Europäische Forschungsprojekte im Schnittbereich IT und erneuerbare Energien",
    1st IT4SE-Workshop, Augsburg University of Applied Sciences, Augsburg, Dec-07-2010.
  • "Einführung in verdeckte Kanäle (Covert Channels)"
    9. Linux-Infotag der Linux-Usergroup Augsburg (LUGA), Augsburg, Mar-27-2010.
  • "Protocol Hopping Covert Channels und Protocol Channels"
    MetaRheinMain ChaosDays 0x8, Darmstadt, Sep-06-2009.
  • "Hostbasierte Sicherheit und Linux-Hardening"
    Secure Linux Administration Conference (SLAC), Berlin, Dec-07-2006.