62,094 research outputs found

    IT Security in the Race for the First Autonomous Vehicle Fleet: A Diffusion Model

    The vehicle industry is currently seeing a series of innovations. Alongside the shift to e-mobility, high-technology assistance systems in vehicles are bringing drastic changes. A further innovation that comes with these new systems is that cars are now supplied with regular updates, like smartphones. The manufacturer Tesla even claims that it will be able to upgrade its cars to fully autonomous vehicles by software update in the future. This development can lead to an unsustainable and risky development of IT security and of the environmental footprint of the vehicle sector. IT security and competition in the automotive industry: A diffusion model. Today’s automotive industry is changing rapidly. The slow movement toward electric mobility and highly technical assistant systems challenge old hierarchies. Another innovation associated with the latter is that cars now receive regular software updates, just like smartphones. Tesla even claims to be able to upgrade their cars to fully autonomous driving in the future. This could lead to an unsustainable and risky development of IT security and the environmental performance of the vehicle sector.

    Towards Understanding and Applying Security Assurance Cases for Automotive Systems

    Security Assurance Cases (SAC) are structured bodies of arguments and evidence used to reason about security properties of a certain artefact. SAC are gaining focus in the automotive domain as the need for security assurance is growing due to software becoming a main part of vehicles. Market demands for new services and products in the domain require connectivity, and hence, raise security concerns. Regulators and standardisation bodies started recently to require a structured for security assurance of products in the automotive domain, and automotive companies started, hence, to study ways to create and maintain these cases, as well as adopting them in their current way of working. In order to facilitate the adoption of SAC in the automotive domain, we created CASCADE, an approach for creating SAC which have integrated quality assurance and are compliant with the requirements of ISO/SAE-21434, the upcoming cybersecurity standard for automotive systems. CASCADE was created by conducting design science research study in two iterative cycles. The design decisions of CASCADE are based on insights from a qualitative research study which includes a workshop, a survey, and one-to-one interviews, done in collaboration with our industrial partners about the needs and drivers of work in SAC in industry, and a systematic literature review in which we identified gaps between the industrial needs and the state of the art. The evaluation of CASCADE was done with help of security experts from a large automotive OEM. It showed that CASCADE is suitable for integration in industrial product development processes. Additionally, our results show that the elements of CASCADE align well with respect to the way of working at the company, and has the potential to scale to cover the requirements and needs of the company with its large organization and complex products.

    Automatic code generation for security requirements in AUTOSAR based on the Crypto Service Manager

    The increasing complexity and autonomy of modern vehicles make security a key issue of the design and development in the automotive industry. A careful analysis of the security requirements and adequate mechanisms for ensuring integrity and confidentiality of data are required to guarantee safety. In the automotive domain, AUTOSAR (AUTomotive Open System ARchitecture) is the de facto standard. It provides a component-based system design at different levels of abstraction. In this thesis a library has been developed to implement the Crypto Service Manager (CSM) of AUTOSAR. It offers standardized access to cryptographic services for applications. The library is implemented in the C language and supports the modules for MAC generation/verification and encryption/decryption, according to the standard. In particular, modelling extensions in AUTOSAR are proposed to address confidentiality and integrity security constraints at the design stage. Software components are automatically extended according to security annotations with security elements (ports and interfaces), used to call the CSM functions.

    Combined automotive safety and security pattern engineering approach

    Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios. EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS; EC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTT; EC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEIS; BMBF, 01IS16043, Collaborative Embedded Systems (CrESt

    Enabling security checking of automotive ECUs with formal CSP models


    An Event Based Digital Forensic Scheme for Vehicular Networks

    The software in today's cars has become increasingly important in recent years. The development of high-tech driver assistance devices has helped fuel this movement. This tendency is anticipated to accelerate with the advent of completely autonomous vehicles. As more modern vehicles incorporate software and security-based solutions, "Event-Based digital forensics," the analysis of digital evidence of accidents and warranty claims, has become increasingly significant. The objective of this study is to ascertain, in a realistic setting, whether or not digital forensics can be successfully applied to a state-of-the-art automobile. We did this by dissecting the procedure of automotive forensics, which is used on in-car systems to track the mysterious activity by means of digital evidence. We did this by applying established methods of digital forensics to a state-of-the-art car. Our research employs specialized cameras installed in the study areas and a log of system activity that may be utilized as future digital proof to examine the effectiveness of security checkpoints and other similar technologies. The goal is to keep an eye on the vehicles entering the checkpoint, look into them if there is any reason to suspect anything, and then take the appropriate measures. The problem with analyzing this data is that it is becoming increasingly complex and time-consuming as the amount of data that has been collected keeps growing. In this paper, we outline a high-level methodology for automotive forensics to fill in the blanks, and we put it through its paces on a network simulator in a state-of-the-art vehicle to simulate a scenario in which devices are tampered with while the car is in motion. Here, we test how well the strategy functions. Diagnostics over IP (DoIP), on-board diagnostics interface, and unified diagnostic services are all used during implementation. To work, our solution requires vehicles to be able to exchange diagnostic information wirelessly. These results show that it is possible to undertake automotive forensic analysis on state-of-the-art vehicles without using intrusion detection systems or event data recorders, and they lead the way towards a more fruitful future for automotive forensics. The results also show that modern autos are amenable to forensic automotive analysis.

    Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

    We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation. Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    D.2.1.2 First integrated Grid infrastructure
