I will soon be finishing my doctorate. Starting from the fourth quarter of 2025, I am looking for challenging, research-oriented industry positions that also would like to support my IETF and RIOT activities after that.
Curriculum Vitae
I am currently a PhD student passionate new IoT solutions and IoT security. I am specialized on real world measurements as well as the analysis of Internet backbone traces. In my work, I have a strong focus on using and developing Open Source software and to make my research results as reproducible as possible.
For an overview of presentations I gave over the last years (both private and professional, both German and English), see this YouTube playlist.
I am proficient in German (native speaker) and English (professional proficiency), and also speak and understand some Spanish (basic level).
Work Experience
Since Aug 2023: Technische Universität Dresden Dresden
Research Associate
In this position I worked on RIOT and the PIVOT and C-ray4edge projects.
Due to my work on RIOT, I took a fundamental part in spreading the RIOT community to Dresden by carrying over the monthly Hack'n'ACK events from Berlin.
Jul 2016 – Aug 2023: Freie Universität Berlin Berlin
Research Associate
In this position I worked on RIOT and the I3, RAPstore and PIVOT projects.
I also started going to IETF meetings regularly, which intensified when I started to design the DNS over CoAP (DoC) protocol for the PIVOT project in 2022.
Apr 2013 – Jun 2016: Freie Universität Berlin Berlin
Student Assistant
In this position I started working on RIOT, after I already worked on it for my Bachelor thesis (when it still was called μkleos), while working for the SAFEST project.
During this time, I became a RIOT maintainer and developed the GNRC network stack which eventually became a huge part in my Master thesis.
Oct 2011 – Sep 2013: Freie Universität Berlin Berlin
Teaching Assistant
In this position I tought courses on object oriented and imperative programming languages, computer architecture, operating systems, and computer networks to undergraduate students.
Mar 2012 – Mar 2013: elego Software Solutions GmbH Berlin
Working Student
In this position developed and consulted for Open Source Software Content Management (SCM) Systems such as Git or libgit2, as well as Open Source Continuous Integration (CI) Systems such as Jenkins.
Education
Since Mar 2023: Freie Universität Berlin Berlin
Doctorate in Computer Science
Thesis: "Meta-Data Obfuscation in the IoT Using Header Field Elision and Payload Encryption"
Oct 2011 – Jun 2016: Freie Universität Berlin Berlin
Master of Science in Computer Science, Grade: 1,9
Thesis: "Analysis and Comparison of Embedded Network Stacks"
Abstract: Embedded network stacks are at the core of every software solution for the Internet of Things (IoT), since they provide access to the outside world.
This thesis presents the proceedings of the design and implementation of the GNRC network stack.
Furthermore, it compares this stack to other stacks with similar feature sets, namely lwIP and emb6.
I describe their functionality and architecture and provide an experimental quantitative evaluation based on the RIOT operating system.
Since the term IoT is only defined very broadly, I also provide a definition for my view on the IoT and present the protocol suite used by both GNRC and the two reference stacks.
Oct 2008 – Sep 2011: Freie Universität Berlin Berlin
Bachelor of Science in Computer Science, Grade: 1,6
Thesis (in German): "Implementation of a Border Router for 6LoWPAN under the μkleos operating system"
Oct 2007 – Sep 2008: Freie Universität Berlin Berlin
C-ray4edge aims to develop a technical framework to secure the operation of Edge Computing. The "normal operation" of a network node is recorded as a profile of its electromagnetic radiation. A comparison of profiles at different points in time is used to detect manipulation of the hardware. Monitoring at a central location is supplemented by proof of identity, so-called trust anchors, in the hardware. System reliability is also to be achieved by developing a self-monitoring system and improving resource management.
PIVOT was a German-French project in the joint Call on Cybersecurity, sponsored by the German Ministry of Education and Research (BMBF) and the Agence Nationale de la Recherche (ANR).
PIVOT aimed for assuring both privacy of data and of identifiers that may disclose the data sources and contexts in the Internet of Things (IoT). The secure protection of data and metadata in PIVOT in particular extended to low-end devices and low-power radio networks of the ultra-constrained IoT.
In RAPstore we aimed to design, develop, and test an app store for low-end IoT devices. Similar to the mobile market, we aimed for a platform that allows application developers to share software with end users, and to allow end users to update their IoT devices more easily compared to the current state of art. In contrast to the mobile market, these applications would run on many more devices with very constrained resources. We developed our solutions for the most modern operating system of the IoT, RIOT.
I3 was aiming to develop and test Information Centric Networking as local access technology for the industrial Internet. It pursued the following three core objectives: (i) Achievement of a new quality of secure, reliable, and differentiated network services. (ii) Definition of an integrated architecture of local optimization and wide area network integration. (iii) Design and standardization of a universal software interface for technology abstraction.
SAFEST aimed at a comprehensive solution to ensure the safety and security of the general public and critical infrastructures. Specifically, SAFEST addressed the problems of crowd control and area surveillance at airports. The project is funded by the ANR and BMBF.
Hobbies and Other Extracurricular Activities
Singing
I am taking singing lessons for over 20 years now.
My range goes from mezzo-soprano down to tenor-baritone.
I am trained in classical music, pop, and musical style.
Currently I am also practicing more modern voice techniques such as vocal fry.
Acting
Both on stage and behind the puppet stage.
With the c-atre and the Coffeebots.
Through puppet play I also developed an interest for voice acting.
My long experience in singing is both helpful with that and any music number we embed in our plays.
draft-ietf-core-dns-over-coap, IETF, core WG • Sep 2024
Abstract: This document defines a protocol for sending DNS messages over the Constrained Application Protocol (CoAP). These CoAP messages are protected by DTLS-Secured CoAP (CoAPS) or Object Security for Constrained RESTful Environments (OSCORE) to provide encrypted DNS message exchange for constrained devices in the Internet of Things (IoT).
Abstract: This document states problems when designing DNS SVCB records to discover endpoints that communicate over Object Security for Constrained RESTful Environments (OSCORE) [RFC8613]. As a consequence of learning about OSCORE, this discovery will allow a host to learn both CoAP servers and DNS over CoAP resolvers that use OSCORE to encrypt messages and Ephemeral Diffie-Hellman Over COSE (EDHOC) [RFC9528] for key exchange. Challenges arise because SVCB records are not meant to be used to exchange security contexts, which is required in OSCORE scenarios.
draft-ietf-core-transport-indication, IETF, core WG • Jul 2024
Abstract: The Constrained Application Protocol (CoAP, [RFC7252]) is available over different transports (UDP, DTLS, TCP, TLS, WebSockets), but lacks a way to unify these addresses. This document provides terminology and provisions based on Web Linking [RFC8288] to express alternative transports available to a device, and to optimize exchanges using these.
Abstract: This document specifies a compressed data format of DNS messages using the Concise Binary Object Representation [RFC8949]. The primary purpose is to keep DNS messages small in constrained networks.
Proceedings of the ACM on Networking, Vol. 1, No. CoNEXT2 (Acc: 18.5%) • Sep 2023
Abstract: In this paper, we present the design, implementation, and analysis of DNS over CoAP (DoC), a new proposal for secure and privacy-friendly name resolution of constrained IoT devices. We implement different design choices of DoC in RIOT, an open-source operating system for the IoT, evaluate performance measures in a testbed, compare with DNS over UDP and DNS over DTLS, and validate our protocol design based on empirical DNS IoT data. Our findings indicate that plain DoC is on par with common DNS solutions for the constrained IoT but significantly outperforms when additional standard features of CoAP are used such as caching. With OSCORE, we can save more than 10 kBytes of code memory compared to DTLS, when a CoAP application is already present, and retain the end-to-end trust chain with intermediate proxies, while leveraging features such as group communication or encrypted en-route caching. We also discuss a compression scheme for very restricted links that reduces data by up to 70%.
Abstract: This paper evaluates four forwarding strategies for fragmented datagrams in the Internet of Things (IoT). We focus on classic end-to-end fragmentation, hop-wise reassembly, a minimal approach to direct forwarding of fragments, and direct forwarding utilizing selective fragment recovery. To fully analyze the potentials of selective fragment recovery, we include four common congestion control mechanisms. We compare all fragmentation strategies comprehensively in extensive experiments to assess reliability, end-to-end latency, and memory consumption on top of IEEE 802.15.4 and its common CSMA/CA MAC implementation. Our key findings include three takeaways. First, direct fragment forwarding should be deployed with care since higher packet transmission rates on the link layer can significantly reduce reliability, which can even further increase end-to-end latency because of highly increased link layer retransmissions. Second, selective fragment recovery can mitigate the problems underneath. Third, congestion control for selective fragment recovery should be chosen such that small congestion windows grow together with fragment pacing. In case of fewer fragments per datagram, pacing is less of a concern but the congestion window is limited by an upper bound.
Abstract: In this paper, we analyze the benefits of integrating 6LoWPAN Selective Fragment Recovery (SFR) in ICNLoWPAN. We present a solution that allows for immediate fragment forwarding—a key feature of SFR—in combination with ICN caching. Our proposal introduces a Virtual Reassembling Endpoint (VREP), which acts transparently as an SFR fragment forwarder while simultaneously collecting fragments. Once a datagram is complete, it is exposed to the content cache, effectively making the VREP the new fragmenting endpoint. Our solution complies with current specs defined in the IETF/IRTF. Furthermore, we combine the reverse path forwarding schemes of both SFR and ICNLoWPAN and assess drawbacks and benefits in a testbed. Our evaluation shows that SFR with VREP performs similar to hop-wise reassembly, details depend on the topology, but both outperform SFR without VREP in all scenarios.
Abstract: This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in its different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require fewer corrective actions.