Publications
Forensic Security Monitoring in Automotive Cybersecurity: Unveiling Challenges and Prospects
2024- Troopers 26.06.2024 12:00 - Upcoming Talk
The widespread use of interconnected automotive systems has introduced a complex landscape of cybersecurity threats, making it necessary to have strong forensic security monitoring. Our analysis will delve into the intricate web of IT and in-vehicle technologies in the automotive industry. We will examine the delicate balance of maintaining continuous security oversight amidst evolving international regulations, such as the UN ECE, and the growing trend of cyber-attacks that pose a threat to vehicles, supply chains, and infrastructure.
In this presentation, we will articulate the specific challenges that come with forensic security monitoring, including the complexities of software diagnostics, the interpretation of complex cryptography, and the legal intricacies of cross-border data handling. By dissecting real-world incidents, we will uncover the opportunities for technological and procedural enhancements.
We will propose a strategic approach that focuses on integrating cutting-edge automation and AI-driven analytics to improve incident detection and post-event analysis. Our goal is to empower the automotive sector with a forensic security framework that not only addresses current vulnerabilities but also anticipates future threats, turning challenges into a springboard for cybersecurity innovation.
In our presentation, we will discuss the latest technologies in automotive ecosystems and their connection with comprehensive security monitoring. We will highlight the increasing number of cyber attacks and the role of software complexity and cryptographic systems. Additionally, we will examine the limitations of the automotive infrastructure and how to handle them wisely. We will discuss privacy-related information requirements and present approaches using technologies like AI to respond to these challenges. Our aim is to create a comprehensive understanding of the need for robust security monitoring in the automotive industry and identify practical solutions.
Speaker: Corbett Christopher, Karsten Schmidt
Keywords: Automotive Security Security Monitoring Technology
Reference: Forensic Security Monitoring in Automotive Cybersecurity: Unveiling Challenges and Prospects
Automotive Security Monitoring - A report from a practical point of view
2023- Technische Hochschule Ingolstadt - Talk
Talk about day to day challenges analysing security incidents in the automotive industry. Keynote talk for the THI Selfy project working group.
Speaker: Corbett Christopher
Keywords: Automotive Security Monitoring Technology
A Secure and Privacy Preserving System Design for Teleoperated Driving
2021- FICC 2021 - Publication
Teleoperated Driving, where a human driver controls a vehicle remotely, has the ability to be a key technology for the introduction of autonomous vehicles in everyday’s traffic scenarios. Already existing infrastructure like cellular networks have to be used to allow for an ef- ficient use of such a system. Remote control is a sensitive subject and has high demands on security and, based on the fact that individuals are driven remotely, also on privacy. To take care of security and privacy, this paper introduces the minimal set of vehicle features, that are required for Teleoperated Driving. It also discusses a way of setting up a secure connection with valid and trusted remote operators, that can be selected taking into account various parameters. Involved parties are explained in detail. To allow for traceability, e.g. in case of an accident, by keeping a high level of privacy, a logging concept is introduced. Overall, this paper presents an initial approach to build a teleoperated system considering security and privacy as key factors, which can be used to build real-world systems.
Authors: Neumeier Stefan, Corbett Christopher, Facchi Christian
Keywords: Automotive Security Teleoperated Driving Remote Control System Design Autonomous Driving
Reference: A Secure and Privacy Preserving System Design for Teleoperated Driving
A generalized approach to automotive forensics
2021- DFRWS-EU - Publication
In the past years, software became an essential topic in modern vehicles, e.g., with the rise of more and more complex driver assistance systems. The advent of automated driving will drive this trend even further. Today, accident investigation, as well as warranty claim analysis, need to take into consideration an analysis of the rapidly increasing proportion of software and security based implementations as part of modern vehicles, the so-called digital forensics. This paper evaluates the general feasibility of digital forensics on a state-of-the-art vehicle. To do so, we analyzed current digital forensics techniques on a state-of-the-art vehicle to constitute gaps in the automotive forensics process used on in-vehicle systems. We present a general process for automotive forensics to close existing gaps and implemented it on a state-of-the-art vehicle in an in-vehicle device manipulation scenario. The implementation uses the on-board diagnostics interface, the diagnostics over internet protocol, as well as the unified diagnostic services for communication. Our implementation requires automotive Ethernet at the diagnostic interface. Our research shows future directions for efficient automotive forensic as well as the exemplary feasibility of automotive forensic analysis on state-of-the-art vehicles without the need for additional in-vehicle components such as intrusion detection systems or event data recorders.
Authors: @Kevin Gomez Buquerin, Corbett Christopher, Hof Hans-Joachim
Keywords: Automotive Security Forensic
Reference: A generalized approach to automotive forensics
Automotive DoIP and forensic analysis for automotive systems
2019- CS3STHLM - Talk
The automobile industry is changing and new fields such as autonomous driving, battery enhancements and infrastructure or advanced mobility services are under development. As a side effect the interconnection of vehicles increases with numerous new protocols and technologies introduced to enable these scenarios, which also attract the attention of security researchers and hackers. Therefore, more focus on security practices is necessary. One of these new technologies is Automotive Ethernet. It not only affects the in-vehicle network with enhanced bandwidth and protocol versatility, but also enables the connection of the vehicle to existing external network infrastructures. This can be accomplished by the Diagnostic over Internet Protocol (DoIP) which is used for diagnostic communication over the Onboard Diagnostic (OBD) interface. Therefore potential unsafe or even unknown functionality is exposed to the outside world which, until now, was a private point to point connection between the diagnostic equipment and the vehicle. Moreover the diagnostic interface is commonly used to modify vehicles like enabling/disabling software features or update firmware. With an increasing proportion of software as a product features and at the same time raising attractiveness for malicious activities (e.g. fraud, attacks, manipulation) by attackers. The Original Equipment Manufacturers (OEM) are faced with new challenges in the domain of evidence preservation and reconciliation. Especially with the ISO21434 and UNECE on the horizon. We examined possible scenarios that range from information gathering to malicious activities with focus on the vehicle and infrastructure. At the same time we approached the idea of what forensic evidence such activities might leave behind and how state-of-the-art technology helps preserving evidence. We therefore analysed the protocol specification and developed software according to our scenarios for evaluation. Furthermore, we studied existing forensic investigation approaches in the IT and SCADA domains and their feasibility with the DoIP protocol, as being the central point of communication with the in-vehicle network from outside the vehicle. In this presentation we present our approach on the analysis of the protocol, the scenarios we derived and the tools we used for evaluation. This also includes the applicability check of the diagnostic interface for forensic investigation as well as discussion to provide these forensic investigations for court relevant incidents.
Speakers: Corbett Christopher, @Kevin Gomez Buquerin
Keywords: Automotive Security Network Forensic
Reference: Automotive DoIP and forensic analysis for automotive systems Reference: Complete presentation @ youtube
Moderne Fahrzeug Security - Herausforderungen, Technologien, Open-Source
2018- Technische Hochschule Ingolstadt - Talk
Moderne Fahrzeuge stellen die Security vor neue Herausforderungen. Neben Branchen üblichen Tools und Software (z.B. von Vector Informatik) entwickelt sich auch der Open-Source Bereich stetig weiter. In diesem Talk werden Herausforderungen, Entwicklungen und der Einsatz von Open-Source Software erläutert, sowie ein Ausblick auf zukünftige Herausforderungen gegeben.
Speaker: Corbett Christopher
Keywords: Automotive Security Open Source Technology
Security Testing for Networked Vehicles
2018- 7th FKFS - Publication
An effective automotive security concept requires security testing throughout the complete vehicle development phase. Compared to classic test concepts for typical car functions and control unit where the boundary conditions are fixed and usually determined by physical laws security test concepts reflect the competition between attacker and defender. As a result of these competition the boundary conditions are continuously changing. Therefore, even after the start of production until the de-commissioning of the vehicle, regular security tests are necessary to check newly developed cyber-attacks and previously undetected security vulnerabilities. Furthermore, if necessary the Original Equipment Manufacturer (OEM) must be able to react effectively to these security vulnerabilities. Security testing in the classical IT-world is defined as a process intended to detect and remove errors in security mechanisms of information systems that protects data and maintains functionality. Due to the logical limitations of security testing, passing security testing is not an indication that no security flaws exist or that the system adequately satisfies the security requirements. Security testing in the automotive world must be, to some extent, defined in a brooder way, since the mutual influence between security and safety must be taken into account. The security of embedded car software or control unit is a criterion that has gained immense importance, but is difficult to formulate and test as a simple requirement.
Authors: Corbett Christopher, Schmidt Karsten, Jakob Martin
Keywords: Automotive Security Network Testing
Reference: Security Testing for Networked Vehicles
Leveraging Hardware Security to Secure Connected Vehicles
2018- SAE - Publication
Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks. In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics. We conclude with an assessment of today’s hardware security devices. Based on our presented case study we outline the identified gaps and derive the necessary future developments for next-generation hardware security devices to meet the requirements for automotive applications.
Authors: Corbett Christopher, Schmidt Karsten, Schneider Rolf, Dannebaum Udo, Brunner Martin
Keywords: Automotive Security Network Mobility TPM SLI Smartcard Hardware Connected Vehicle
Reference: Leveraging Hardware Security to Secure Connected Vehicles
IT-Sicherheitsanalyse für Ethernet im Fahrzeug
2017- University of Kempten - Master Thesis
Authors: Seiler Johannes
Reviewers: Prof. Dr. Stefan Frenz
Supervisors: Corbett Christopher
Keywords: Automotive Security Ethernet Analysis
A Testing Framework Architecture Concept for Automotive Intrustion Detection Systems
2017- Gesellschaft für Informatik - Publication
Vehicles are the target of a rising number of hacking attacks. The integration of in-vehicle intrusion detection systems is a common approach to increase the overall system security. However, testing and evaluating these systems is difficult due to the lack of tools to generate realistic benign and malicious workloads as well as sharing these workloads with other researchers. Currently, test- ing tools are predominantly intended for Network Intrusion Detection System (NIDS) in company or industrial networks where their usefulness became apparent. Yet, in the automotive domain, development of testing tools is still in the early stages. Existing non-commercial automotive tools only focus on one specific bus technology each. However, in-vehicle communication exceeds bus technology boundaries and a testing tool must cover multiple technologies. We propose a framework architecture concept for in-vehicle NIDS testing and evaluation to enable the creation of realistic network traffic and attacks in consideration of automotive specific challenges. Our concept provides the opportunity to share data without additional anonymization effort therefore improving cooperation and reproducibility of testing results.
Authors: Corbett Christopher, Basic Tobias
Keywords: Automotive Security Network Testing
Reference: A Testing Framework Architecture Concept for Automotive Intrustion Detection Systems
**A Packet Generation Framework for Evaluating Network Intrusion Detection Systems in Ethernet-based Electric/Electronic Architectures **
2017- University of Darmstadt - Master Thesis
Authors: Basic Tobias
Reviewers: Prof. Dr. Stefan Katzenbeisser, Dr. Tolga Arul
Supervisors: Corbett Christopher
Keywords: Automotive Security Ethernet Analysis
Security Evolution in Vehicular Systems
2016- HU Berlin - Publication
The automotive industry’s future trends, such as automated driving or advanced driver assistance, require large bandwidths to handle massive data streams and strongly depend on well timed communication. The Ethernet technology is seen as a suitable candidate to cover those needs for vehicle-internal networks; however, Ethernet involves security issues. Thus, by discussing automotive Ethernet attributes with regard to the adaption of existing security mechanisms in contrast to the potential of creating new ones, several challenges and opportunities emerge in consideration of comparatively fewer available resources and the integration into a vehicle environment. Based on these results we derive and propose ideas for manipulation and misuse detection mechanisms.
Authors: Lang Dominik, Corbett Christopher, Kargl Frank
Keywords: Automotive Security Network Testing
Reference: Security Evolution in Vehicular Systems
Automotive Ethernet: Security opportunity or challenge?
2016- Gesellschaft für Informatik - Publication
The automotive industry’s future trends, such as automated driving or advanced driver assistance, require large bandwidths to handle massive data streams and strongly depend on well timed communication. The Ethernet technology is seen as a suitable candidate to cover those needs for vehicle-internal networks; however, Ethernet involves security issues. Thus, by discussing automotive Ethernet attributes with regard to the adaption of existing security mechanisms in contrast to the potential of creating new ones, several challenges and opportunities emerge in consideration of comparatively fewer available resources and the integration into a vehicle environment. Based on these results we derive and propose ideas for manipulation and misuse detection mechanisms.
Authors: Corbett Christopher, Schoch Elmar, Preussner Felix, Kargl Frank
Keywords: Automotive Security Network Testing Detection Misuse Misbehavior
Reference: Automotive Ethernet: Security opportunity or challenge?