I will soon be finishing my doctorate. Starting from the second quarter of 2026, I am looking for challenging, research-oriented industry positions that also would like to support my IETF and RIOT activities after that.
Curriculum Vitae
I am currently a PhD student passionate new IoT solutions and IoT security. I am specialized on real world measurements as well as the analysis of Internet backbone traces. In my work, I have a strong focus on using and developing Open Source software and to make my research results as reproducible as possible.
For an overview of presentations I gave over the last years (both private and professional, both German and English), see this YouTube playlist.
I am proficient in German (native speaker) and English (professional proficiency), and also speak and understand some Spanish (basic level).
Work Experience
Since Aug 2023: Technische Universität Dresden Dresden, Germany
Research Associate
In this position I worked on RIOT and the PIVOT and C-ray4edge projects.
Due to my work on RIOT, I took a fundamental part in spreading the RIOT community to Dresden by carrying over the monthly Hack'n'ACK events from Berlin.
Jul 2016 – Aug 2023: Freie Universität Berlin Berlin, Germany
Research Associate
In this position I worked on RIOT and the I3, RAPstore and PIVOT projects.
I also started going to IETF meetings regularly, which intensified when I started to design the DNS over CoAP (DoC) protocol for the PIVOT project in 2022.
Apr 2013 – Jun 2016: Freie Universität Berlin Berlin, Germany
Student Assistant
In this position I started working on RIOT, after I already worked on it for my Bachelor thesis (when it still was called μkleos), while working for the SAFEST project.
During this time, I became a RIOT maintainer and developed the GNRC network stack which eventually became a huge part in my Master thesis.
Oct 2011 – Sep 2013: Freie Universität Berlin Berlin, Germany
Teaching Assistant
In this position I tought courses on object oriented and imperative programming languages, computer architecture, operating systems, and computer networks to undergraduate students.
Mar 2012 – Mar 2013: elego Software Solutions GmbH Berlin, Germany
Working Student
In this position developed and consulted for Open Source Software Content Management (SCM) Systems such as Git or libgit2, as well as Open Source Continuous Integration (CI) Systems such as Jenkins.
Education
Since Mar 2023: Freie Universität Berlin Berlin, Germany
Doctorate in Computer Science
Thesis: "Meta-Data Obfuscation in the IoT Using Header Field Elision and Payload Encryption"
Oct 2011 – Jun 2016: Freie Universität Berlin Berlin, Germany
Master of Science in Computer Science, Grade: 1,9
Thesis: "Analysis and Comparison of Embedded Network Stacks"
Abstract: Embedded network stacks are at the core of every software solution for the Internet of Things (IoT), since they provide access to the outside world.
This thesis presents the proceedings of the design and implementation of the GNRC network stack.
Furthermore, it compares this stack to other stacks with similar feature sets, namely lwIP and emb6.
I describe their functionality and architecture and provide an experimental quantitative evaluation based on the RIOT operating system.
Since the term IoT is only defined very broadly, I also provide a definition for my view on the IoT and present the protocol suite used by both GNRC and the two reference stacks.
Oct 2008 – Sep 2011: Freie Universität Berlin Berlin, Germany
Bachelor of Science in Computer Science, Grade: 1,6
Thesis (in German): "Implementation of a Border Router for 6LoWPAN under the μkleos operating system"
Oct 2007 – Sep 2008: Freie Universität Berlin Berlin, Germany
C-ray4edge aims to develop a technical framework to secure the operation of Edge Computing. The "normal operation" of a network node is recorded as a profile of its electromagnetic radiation. A comparison of profiles at different points in time is used to detect manipulation of the hardware. Monitoring at a central location is supplemented by proof of identity, so-called trust anchors, in the hardware. System reliability is also to be achieved by developing a self-monitoring system and improving resource management.
PIVOT was a German-French project in the joint Call on Cybersecurity, sponsored by the German Ministry of Education and Research (BMBF) and the Agence Nationale de la Recherche (ANR).
PIVOT aimed for assuring both privacy of data and of identifiers that may disclose the data sources and contexts in the Internet of Things (IoT). The secure protection of data and metadata in PIVOT in particular extended to low-end devices and low-power radio networks of the ultra-constrained IoT.
In RAPstore we aimed to design, develop, and test an app store for low-end IoT devices. Similar to the mobile market, we aimed for a platform that allows application developers to share software with end users, and to allow end users to update their IoT devices more easily compared to the current state of art. In contrast to the mobile market, these applications would run on many more devices with very constrained resources. We developed our solutions for the most modern operating system of the IoT, RIOT.
I3 was aiming to develop and test Information Centric Networking as local access technology for the industrial Internet. It pursued the following three core objectives: (i) Achievement of a new quality of secure, reliable, and differentiated network services. (ii) Definition of an integrated architecture of local optimization and wide area network integration. (iii) Design and standardization of a universal software interface for technology abstraction.
SAFEST aimed at a comprehensive solution to ensure the safety and security of the general public and critical infrastructures. Specifically, SAFEST addressed the problems of crowd control and area surveillance at airports. The project is funded by the ANR and BMBF.
Hobbies and Other Extracurricular Activities
Singing
I am taking singing lessons for over 20 years now.
My range goes from mezzo-soprano down to tenor-baritone.
I am trained in classical music, pop, and musical style.
Currently I am also practicing more modern voice techniques such as vocal fry.
Acting
Both on stage and behind the puppet stage.
With the c-atre and the Coffeebots.
Through puppet play I also developed an interest for voice acting.
My long experience in singing is both helpful with that and any music number we embed in our plays.
Martine S. Lenders, Christian Amsüss, Cenk Gündoğan, Thomas C. Schmidt, Matthias Wählisch
Abstract: This document defines a protocol for exchanging DNS queries (OPCODE 0) over the Constrained Application Protocol (CoAP). These CoAP messages can be protected by (D)TLS-Secured CoAP or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).
Martine S. Lenders, Christian Amsüss, Thomas C. Schmidt, Matthias Wählisch
Abstract: This document specifies an Application-Layer Protocol Negotiation (ALPN) ID for Constrained Application Protocol (CoAP) services that are secured by DTLS.
Martine S. Lenders, Carsten Bormann, Mikolai Gütschow, Thomas C. Schmidt, Matthias Wählisch
Abstract: This document specifies a compact data format of DNS messages using the Concise Binary Object Representation [RFC8949]. The primary purpose is to keep DNS messages small in constrained networks.
Martine S. Lenders, Carsten Bormann, Thomas C. Schmidt, Matthias Wählisch
Abstract: The Internet community has taken major efforts to decrease latency in the World Wide Web. Significant improvements have been achieved in accelerating content transport and in compressing static content. Less attention, however, has been dedicated to dynamic content compression. Such content is commonly provided by JSON and DNS over HTTPS. Aligned with the overall Web trend, dynamic content objects continue to grow in size, which increases latency and fosters the digital inequality. In this paper, we propose to counter this increase by utilizing components engineered for the constrained Internet of Things (IoT). We focus on the Concise Binary Object Representation (CBOR) and its use for dynamic content encoded in JSON or in DNS over HTTPS messages. CBOR was originally introduced to restrict packet sizes in constrained environments and enables small, effective encoding of data objects. We measure that simply switching the data representation from JSON to CBOR reduces data by up to 80.0% for a corpus of JSON objects collected via the HTTP Archive. This size reduction can decrease loading times by up to 13.8% when downloading large objects – even in local setups. A new CBOR-based DNS message format designed for use with DNS over HTTPS (DoH) and DNS over CoAP (DoC) minimizes packets by up to 95.5% in its packed form and shows large potential for additionally compressing names and addresses. We contribute two name compression schemes that apply to the new CBOR format and save up to 226 bytes in a response. The decoder for our name compression scheme is lean and can fit into as little as 314 bytes of binary build size. One of those compression schemes and further optimization proposals directly influenced further improvements of the new CBOR format within Internet standardization.
draft-ietf-core-transport-indication, IETF, core WG • Jul 2025
Christian Amsüss, Martine S. Lenders
Abstract: The Constrained Application Protocol (CoAP, [RFC7252]) is available over different transports (UDP, DTLS, TCP, TLS, WebSockets), but lacks a way to unify these addresses. This document provides terminology and provisions based on Web Linking [RFC8288] and Service
Bindings (SVCB, [RFC9460]]) to express alternative transports available to a device, and to optimize exchanges using these.
Ibrahim Ayoub, Martine S. Lenders, Benoît Ampeau, Sandoche Balakrichenan, Kinda Khawam, Thomas C. Schmidt, Matthias Wählisch
Abstract: In this paper, we study IoT domain names, the domain names of backend servers on the Internet that are accessed by IoT devices. We investigate how they compare to non-IoT domain names based on their statistical and DNS properties, and the feasibility of classifying these two classes of domain names using machine learning (ML). By surveying past studies that used testbeds with real IoT devices, we construct a dataset of IoT domain names. For the non-IoT dataset,We use two lists of top-visited websites. We study the statistical properties of the domain name lists and their DNS properties. We also leverage machine learning and train six machine learning models to perform the classification between the two classes of domain names. The word embedding technique we use to get the real-value representation of the domain names is Word2vec. Our statistical analysis highlights significant differences in domain name length, label frequency, and compliance typical to domain name guidelines, while our DNS analysis reveals notable variations in resource record availability and configuration between IoT and non-IoT DNS zones. As for classification of IoT and non-IoT domain names using machine learning, among the models we train, Random Forest achieves the highest performance, yielding the highest accuracy, precision, recall, and F1 score. Our work offers novel insights to IoT, potentially informing protocol design and aiding in network security and performance monitoring.
Proceedings of the ACM on Networking, Vol. 1, No. CoNEXT2 (Acc: 18.5%) • Sep 2023
Martine S. Lenders, Christian Amsüss, Cenk Gündoğan, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch
Abstract: In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP and DNS over DTLS, and validate our protocol design based on empirical DNS IoT data. Our findings indicate that plain DoC is on par with common DNS solutions for the constrained IoT but significantly outperforms when additional standard features of CoAP are used such as caching. With OSCORE, we can save more than 10 kBytes of code memory compared to DTLS, when a CoAP application is already present, and retain the end-to-end trust chain with intermediate proxies, while leveraging features such as group communication or encrypted en-route caching. We also discuss a compression scheme for very restricted links that reduces data by up to 70%.
Martine S. Lenders, Thomas C. Schmidt, Matthias Wählisch
Abstract: This paper evaluates four forwarding strategies for fragmented datagrams in the Internet of Things (IoT). We focus on classic end-to-end fragmentation, hop-wise reassembly, a minimal approach to direct forwarding of fragments, and direct forwarding utilizing selective fragment recovery. To fully analyze the potentials of selective fragment recovery, we include four common congestion control mechanisms. We compare all fragmentation strategies comprehensively in extensive experiments to assess reliability, end-to-end latency, and memory consumption on top of IEEE 802.15.4 and its common CSMA/CA MAC implementation. Our key findings include three takeaways. First, direct fragment forwarding should be deployed with care since higher packet transmission rates on the link layer can significantly reduce reliability, which can even further increase end-to-end latency because of highly increased link layer retransmissions. Second, selective fragment recovery can mitigate the problems underneath. Third, congestion control for selective fragment recovery should be chosen such that small congestion windows grow together with fragment pacing. In case of fewer fragments per datagram, pacing is less of a concern but the congestion window is limited by an upper bound.
Martine S. Lenders, Cenk Gündoğan, Thomas C. Schmidt, Matthias Wählisch
Abstract: In this paper, we analyze the benefits of integrating 6LoWPAN Selective Fragment Recovery (SFR) in ICNLoWPAN. We present a solution that allows for immediate fragment forwarding—a key feature of SFR—in combination with ICN caching. Our proposal introduces a Virtual Reassembling Endpoint (VREP), which acts transparently as an SFR fragment forwarder while simultaneously collecting fragments. Once a datagram is complete, it is exposed to the content cache, effectively making the VREP the new fragmenting endpoint. Our solution complies with current specs defined in the IETF/IRTF. Furthermore, we combine the reverse path forwarding schemes of both SFR and ICNLoWPAN and assess drawbacks and benefits in a testbed. Our evaluation shows that SFR with VREP performs similar to hop-wise reassembly, details depend on the topology, but both outperform SFR without VREP in all scenarios.
Cenk Gündoğan, Peter Kietzmann, Martine S. Lenders, Hauke Petersen, Thomas C. Schmidt, Matthias Wählisch
Abstract: This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in its different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require fewer corrective actions.
