PD Dr.-Ing. Ingmar Baumgart
Head of the IT Security Competence Center
Career
Dr. Ingmar Baumgart heads the IT Security Competence Center at FZI.
He previously studied computer science at the Universität Karlsruhe (TH), specializing in cryptography, telematics and law. After completing his studies in 2005, he took up a position as a research associate at the Institute of Telematics of the Karlsruhe Institute of Technology (KIT). His research focused on the design and simulation of secure and efficient communication protocols for distributed systems.
After completing his doctorate in 2010, Ingmar Baumgart led a junior research group at KIT, where he worked on technical methods for data protection in the areas of energy, mobility and social networks. In addition to his work at FZI, Ingmar Baumgart has also been a Privatdozent at KIT since 2017. In teaching, he was active in the areas of network security, mobile communications, multimedia communications and the Internet of Things.
Ingmar Baumgart is a certified TeleTrusT Information Security Professional (T.I.S.P.).
Research Focus
- Network security / security in the Internet of Things
- Security of embedded systems
- Privacy enhancing technologies (PETs)
- Design and evaluation of communication architectures
- Simulation of distributed systems
Science Management
- TPC member: IEEE International Conference on Communications (ICC), Communication and Information Systems Security Symposium, 2014-2017
- TPC member: International Symposium on Security in Computing and Communications (SSCC), 2016
- TPC member: IEEE Global Communications Conference (GLOBECOM), Communication & Information System Security Symposium, 2015
- TPC member: IEEE International Conference on Connected Vehicles & Expo (ICCVE), 2013-2015
- TPC member: Winter Simulation Conference (WSC), 2015
- TPC member: IEEE 14th International Conference on Peer-to-Peer Computing (P2P), 2014
- TPC member: International Workshop on OMNeT++, 2008-2013
- Reviewer for IEEE LCN, IEEE ICC, IEEE GLOBECOM, WONS, ICT, IFIP Wireless Days, ACM Computing Surveys, IEEE Transactions on Industrial Informatics, IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Network and Service Management, IEEE Transactions on Mobile Computing, IEEE Communications Letters, Elsevier Journal of Parallel and Distributed Computing, Elsevier Parallel Computing, Elsevier Journal of Network and Computer Applications, International Journal of Simulation and Process Modelling, ETRI Journal, it – Information Technology
Publications
Book (1)
- Verteilter Namensdienst für dezentrale IP-Telefonie
Baumgart, Ingmar, KIT Scientific Publishing, 2011
Internet telephony has so far required the provision of an infrastructure with central servers. The subject of this work is the design of a decentralized system that, using peer-to-peer technologies, will in future enable fully decentralized telephony services to be provided cost-effectively over the Internet. The design focuses on the two aspects of security and efficiency, which influence each other and are therefore considered in combination.
Newspaper or Journal Articles (6)
- Establishing location-privacy in decentralized long-distance geocast services
Florian, Martin and Pieper, Felix and Baumgart, Ingmar, 2016
- Privacy-Preserving Cooperative Route Planning
Florian, Martin and Finster, Sören and Baumgart, Ingmar, 2014
Today's street traffic is still largely inefficient. Overburdened roads lead to congestions, accidents and unnecessary pollution. The increasing interconnection of traffic participants into the Internet of Vehicles (IoV) has tremendous potential for improving this issue. Cooperative route planning, for example, is a concept for optimizing vehicular routing on a global scale by gathering data about planned routes from interconnected vehicles. As in other IoV applications, the benefits of such a system come at the cost of an increased privacy risk for participating users. Published routes include both the current and the planned future locations of drivers and passengers - all highly sensitive pieces of information. In the scope of this paper, we demonstrate how cooperative route planning can be realized with strong privacy guarantees without significant cuts in utility or cost. According to our knowledge, this is the first work to consider this issue. We propose a scheme by which vehicles can publish their intent to pass at specific waypoints at approximate times in an anonymous fashion. While providing complete unlinkability of published intentions to individual users, our scheme is protected against abuse, with misbehaving (i.e., lying) users quickly losing their right to participate.
- Privacy-Aware Smart Metering: A Survey
Finster, Sören and Baumgart, Ingmar, 2014
The increasing share of renewables creates new challenges for the existing electrical grid. To deal with these challenges, various efforts are being made to transform the existing power grid into a so-called smart grid. Part of this process is the deployment of an advanced metering infrastructure, which provides novel high-frequency two-way communication between consumers and producers. But as useful as the access to high-frequency measurements may be for energy suppliers, this also poses a major threat to the privacy of the customers. In this survey we present approaches to the problem of customer privacy-protection in the smart grid. We show that the privacy problem in smart grids can be further divided into the problems metering for billing and metering for operations. For each of these problems we identify generic approaches to solve them.
- OverSim: Ein skalierbares und flexibles Overlay-Framework für Simulation und reale Anwendungen
Baumgart, Ingmar and Heep, Bernhard and Krause, Stephan, K.G. Saur Verlag, 2009
- Neue Entwicklungen im Bereich dezentraler Voice-over-IP-Netze
Baumgart, Ingmar, K.G. Saur, 2007
Decentralized Voice-over-IP networks are a promising alternative to classic SIP networks, particularly in disaster-response scenarios and in areas without central infrastructure coverage. This article first gives an overview of current developments within the IETF P2PSIP Working Group, which has set itself the goal of standardizing a decentralized VoIP protocol based on SIP. This is followed by a description of a P2PSIP architecture designed specifically with regard to the security requirements of a decentralized VoIP network, a challenge that has hardly been considered so far.
- ScaleNet - Converged Networks of the Future
Siebert, Matthias and Xu, Bangnan and Grigat, Michael and Weis, Erik and Bayer, Nico and Sivchenko, Dimitry and Banniza, Thomas-Rolf and Wünstel, Klaus and Wahl, Stephan and Sigle, Rolf and Keller, Ralf and Dekorsy, Armin and, Oldenburg, 2006
Conference Paper (25)
- Decentralized and Sybil-resistant Pseudonym Registration using Social Graphs
Friebe, Sebastian and Florian, Martin and Baumgart, Ingmar, IEEE Computer Society, 2016
- Sybil-Resistant Pseudonymization and Pseudonym Change without Trusted Third Parties
Florian, Martin and Walter, Johannes and Baumgart, Ingmar, 2015
- SMART-ER: Peer-based privacy for smart metering
Finster, Sören and Baumgart, Ingmar, IEEE, 2014
Smart metering is an essential part of the future smart grid but causes privacy issues by collecting sensitive data from households with a high temporal resolution. Peer-based privacy mechanisms can solve this problem through privacy-aware aggregation. The SMART algorithm, originally proposed for wireless sensor networks, is a lightweight approach to this problem. In this paper, we propose to adapt the ideas of SMART for privacy-aware smart metering. However, our simulation results show that accuracy suffers in the presence of communication errors, especially in large networks. Therefore, we designed SMART-ER, an improved version of SMART. It utilizes dependency tracking and grouping to provide exact and robust smart metering even in the presence of communication errors. We show that SMART-ER provides significantly more accurate results in typical churn scenarios.
- A Socio- And Locality-Aware Overlay for User-Centric Networking
Florian, Martin and Hartmann, Fabian and Baumgart, Ingmar, IEEE, 2014
- Establishing location-privacy in decentralized long-distance geocast services
Florian, Martin and Pieper, Felix and Baumgart, Ingmar, 2014
- Towards Socio- and Resource-Aware Data Replication in User-Centric Networking
Hartmann, Fabian and Baumgart, Ingmar, 2014
Recently, there has been a lot of research on decentralized social networks motivated by privacy concerns with centralized systems. However, an open challenge with decentralized systems is the actual data replication and retrieval among the participating devices. We argue this aspect can be greatly improved in terms of efficiency by taking social relationships, user behavior and locality into account. User-centric networking is a paradigm which includes the users' own devices - from smartphones to highly available personal clouds - and targets at a socio-aware data storage, based on the users' behavior and their devices' availability. In this paper, we introduce the concept of a Decision Engine that chooses the replication devices based on multi-dimensional input parameters, from momentary conditions to long-time learned user behavior and social relationships.
- SocioPath: Protecting privacy by self-sufficient data distribution in user-centric networks
Hartmann, Fabian and Baumgart, Ingmar, 2014
- Pseudonymous Smart Metering without a Trusted Third Party
Finster, Sören and Baumgart, Ingmar, IEEE, 2013
Privacy concerns in smart metering are one of the most discussed challenges encountered by introducing the smart grid. Several approaches to tackle this problem exist. One of these approaches is the usage of pseudonyms to protect the privacy of customers. Existing solutions to pseudonymous smart metering require a trusted third party to manage the pseudonyms and often neglect the risk of transmitting pseudonymized data through direct connections. This provides the data sink with a mapping from pseudonym to network address which can be used to break pseudonymization. In this paper, we propose a pseudonymous smart metering protocol that does not require a trusted third party. It provides authenticated but anonymous pseudonyms and solves the transmission problem by using a lightweight anonymity network based on a peer-to-peer overlay.
- Elderberry: A peer-to-peer, privacy-aware smart metering protocol
Finster, Sören and Baumgart, Ingmar, IEEE, 2013
- Demo: Overdrive - An overlay-based geocast service for smart traffic applications
Florian, M. and Andreev, S. and Baumgart, I., 2013
For smart traffic applications like dynamic route planning, communication between traffic participants is of high importance. Traditional approaches rely on centralized, server-based communication architectures, which raises scalability and privacy concerns. To address these problems, we proposed OverDrive [5], an overlay-based geocast service that is applicable in smart traffic scenarios and not prone to the shortcomings of centralized designs. Here, we present an interactive demonstrator of the OverDrive protocol that visualizes OverDrive's neighborhood structures and routing approach in a realistic and highly mobile traffic scenario. Our demonstrator is realized as an extension to the overlay simulation framework OverSim [2]. © 2013 by the Association for Computing Machinery, Inc.
- Privacy in Overlay-based Smart Traffic Systems
Florian, Martin and Baumgart, Ingmar, IEEE, 2013
- OverDrive: An Overlay-based Geocast Service for Smart Traffic Applications
Heep, Bernhard and Florian, Martin and Volz, Johann and Baumgart, Ingmar, IEEE Computer Society, 2013
For smart traffic scenarios, communication between traffic participants is of high importance. Classical approaches (e.g. for information about congestions) employ a server-based architecture, which raises scalability and privacy concerns. In this paper, we propose OverDrive, a decentralized overlay-based geocast service that is applicable in smart traffic scenarios and not prone to the shortcomings of centralized designs. Information requests for points in geographic space are routed directly via traffic participants until they reach a node in the proximity of that point. In contrast to other approaches, our overlay is specifically tailored towards supporting mobile nodes - vehicles connected via cellular networks - and leverages their speed and direction for optimizing peering decisions and minimizing maintenance overhead. Exhaustive simulations in complex smart traffic scenarios show that OverDrive achieves high delivery ratios even in high mobility environments. At the same time, communication overhead is kept low, making OverDrive suitable for the use with cellular networks.
- Fast but economical: A simulative comparison of structured peer-to-peer systems
Baumgart, Ingmar and Heep, Bernhard, IEEE Computer Society, 2012
In the past many proposals for structured peer-to-peer protocols have been published. They differ in properties like overlay topology, routing table maintenance and message forwarding alternatives. Furthermore each protocol exhibits various parameters e.g. to adjust routing table size or stabilization intervals, making it difficult to choose an optimal protocol and parameter set for a given scenario (e.g. churn rate, number of nodes). For this purpose we developed the overlay simulation framework OverSim and implemented six well known structured overlay protocols. In this paper we first compare these protocols among each other. Furthermore we study several recursive and iterative routing variants and show the effect of routing table redundancy and lookup parallelism on routing latency and bandwidth costs. For each overlay protocol we identify an optimal parameter set for a typical peer-to-peer scenario. Finally we show how overlay protocols adapt to variations in churn rate and network size. Our results show considerable advantages of the protocols Kademlia and Bamboo, while De Bruijn based protocols reveal a lack of stability under churn.
- OverArch: A common architecture for structured and unstructured overlay networks
Baumgart, Ingmar and Heep, Bernhard and Hübsch, Christian and Brocco, Amos, IEEE Computer Society, 2012
There exists a variety of different peer-to-peer (P2P) protocols to support a wide range of distributed services, such as content distribution or data storage. In order to promote interoperability and facilitate the development of new P2P applications, common application programming interfaces (APIs) have been proposed. Unfortunately, most of these interfaces have stagnated, and fail to meet present research or business requirements. In this regard, this paper presents a novel common architecture and API which combines structured and unstructured overlay networks and strives to overcome the limitations of previous architectures. Our work defines a set of generalized components that are common in today's P2P systems, and provides a clean interface that facilitates the rapid development of new P2P applications and services. We validate the proposed architecture by presenting a concrete implementation including a broad range of protocols within the P2P simulator OverSim.
- A Framework for a Comprehensive Evaluation of Ant-Inspired Peer-to-Peer Protocols
Brocco, Amos and Baumgart, Ingmar, IEEE Computer Society, 2012
Following a constant rise in the complexity and scale of peer-to-peer networks, researchers have looked at biological phenomena in order to develop self-organized, adaptive, and robust management systems. Our focus is on distributed swarm intelligence mechanisms that mimic the behavior of social insects to solve problems such as overlay management, routing, task allocation, and resource discovery. A central problem in the validation of novel networking solutions is their empirical evaluation under different conditions. Whereas existing network simulation platforms lack specific support for ant-inspired protocols (like transparent agent migration), dedicated frameworks for bio-inspired systems fail to implement accurate network models. To bridge this gap, we introduce a framework with support for bio-inspired techniques and realistic network underlay simulation based on OverSim. To validate our work, we describe the implementation of several swarm-based protocols and we provide some measurements of the simulation performance.
- MobReduce: Reducing State Complexity of Mobility Traces
Hartmann, Fabian and Mayer, Christoph P. and Baumgart, Ingmar, 2012
User traces are essential for analysis of human behavior and development of opportunistic networking protocols and applications. As user traces are collected with high granularity to apply them in diverse scenarios, they have a high complexity resulting from the large number of user states. We present MobReduce: a methodology for reducing the number of states in user traces. We apply MobReduce individually to GPS locations and WiFi sightings of the Nokia Mobile Data Challenge data set and show how to trade off state complexity vs. granularity.
- Maintenance and privacy in unstructured GeoCast overlays for smart traffic applications
Heep, Bernhard and Baumgart, Ingmar, IEEE Computer Society, 2012
In times of increasing mobility and climate change, there is a need for new services to cope with the special challenges of electric vehicles, like e.g. recuperation and charging management. Established systems of so called smart traffic applications are usually server-based and bear the risk of uncontrollable gathering of private data by service providers. In this paper we propose a decentralized overlay protocol for smart traffic applications that meets the requirements of several scenarios of future traffic. Our system offers a scalable GeoCast service, where participants (e.g. vehicles) are able to gain information from specific geographic regions. In the following, we briefly describe three scenarios that would benefit from such a GeoCast service. After that, the main part of this paper discusses maintenance and privacy issues regarding the GeoCast overlay.
- Realistic Underlays for Overlay Simulation
Baumgart, Ingmar and Gamer, Thomas and Hübsch, Christian and Mayer, Christoph P., 2011
Overlay networks have become an enabler for innovation in today's Internet through cost-efficient and flexible deployment of novel services. The self-organization and scalability properties that peer-to-peer-based overlay networks provide have created real-world large-scale systems like Kad, or Amazon's Dynamo. Building upon the OMNeT++ simulation environment, the OverSim framework provides widely used simulation of a large and growing set of overlay networks. Realistic environments for evaluation of such networks are crucial to obtain meaningful results, yet complex to develop and validate. The ReaSE topology and traffic generator allows to create Internet-like network topologies, background traffic, and attack traffic. In this work we integrate ReaSE with OverSim, therewith allowing for evaluation of overlay protocols upon realistic underlays and realistic background traffic. This integration provides an important step for design and evaluation of overlay-based systems and allows for meaningful results. We provide insights into runtime and memory consumptions of overlay simulations on the new ReaSE-based underlay on the one hand, and show effects on overlay protocols caused by the realistic underlay on the other hand.
- Towards secure user-centric networking: Service-oriented and decentralized social networks
Baumgart, Ingmar and Hartmann, Fabian, 2011
Mobile devices like laptops or smartphones are getting more and more powerful, but still these devices are mainly used to access services, which are provided by centralized servers in the Internet. We argue that the full potential of such mobile devices could be unfolded if these devices would provide services like instant messaging or file transfer themselves in a peer-to-peer manner. In this paper, we introduce SODESSON, a middleware which enables easy and secure access to services that get provided by devices belonging to the user himself and his friends or colleagues. This novel communication paradigm of user-centric networking leads to more efficient and secure communication, since the indirection introduced by servers is eliminated. Given that we focus on user-centric communication, we are able to exploit the trust relationships and communication pattern of a social graph to reach these goals.
- OverSim: A scalable and flexible overlay framework for simulation and real network applications
Baumgart, Ingmar and Heep, Bernhard and Krause, Stephan, 2009
A fundamental problem in studying peer-to-peer networks is the evaluation of new protocols. This commonly involves both the simulation of the protocol in a large-scale network as well as the testing of the protocol in connection with real applications in networks like PlanetLab. To facilitate these tasks we have developed the overlay simulation framework OverSim. It is designed to fulfill a number of requirements that have been partially neglected by existing simulation frameworks.
- P2PNS: A Secure Distributed Name Service for P2PSIP
Baumgart, Ingmar, 2008
- A P2PSIP Demonstrator Powered by OverSim
Baumgart, Ingmar and Heep, Bernhard and Krause, Stephan, 2007
- OverSim: A Flexible Overlay Network Simulation Framework
Baumgart, Ingmar and Heep, Bernhard and Krause, Stephan, IEEE Computer Society, 2007
- S/Kademlia: A Practicable Approach Towards Secure Key-Based Routing
Baumgart, Ingmar and Mies, Sebastian, 2007
Security is a common problem in completely decentralized peer-to-peer systems. Although several suggestions exist on how to create a secure key-based routing protocol, a practicable approach is still unattended. In this paper we introduce a secure key-based routing protocol based on Kademlia that has a high resilience against common attacks by using parallel lookups over multiple disjoint paths, limiting free nodeId generation with crypto puzzles and introducing a reliable sibling broadcast. The latter is needed to store data in a safe replicated way. We evaluate the security of our proposed extensions to the Kademlia protocol analytically and simulate the effects of multiple disjoint paths on lookup success under the influence of adversarial nodes.
- Key Exchange for Service Discovery in Secure Content Addressable Sensor Networks
Hof, Hans-Joachim and Baumgart, Ingmar and Zitterbart, Martina, Springer, 2007
Secure Content Addressable Network (SCAN) is an architecture for service discovery in service centric sensor networks that enables dynamic service composition. This paper proposes two new security mechanisms for SCAN: Single Path Key Exchange (SPX) and Multi Path Key Exchange (MPX). Both security mechanisms allow two arbitrary nodes of SCAN to exchange a symmetric key for secure communication. We also propose to use replication service information and majority vote to achieve security. We evaluated the performance and security of Secure Content Addressable Networks with Single Path Key Exchange, Multi Path Key Exchange and replication using a worst case attack model. It has been found that in a network with 1000 nodes and 5% malicious nodes the probability of a successful lookup operation is still 80%. The results of the simulation indicate that the overhead and the security level of SCAN with SPX and MPX scale with an increasing number of nodes. The simulation results also show that SCAN is suitable for networks with 100 to 1000 nodes.
Thesis (1)
- Verteilter Namensdienst für dezentrale IP-Telefonie
Baumgart, Ingmar, 2010
Contact
Phone: +49 721 9654-355
Email: baumgart@fzi.de