Automotive Cybersecurity Symposium 2021

14:00 / 2 p.m.

CEST

ISO 21434 and CSMS in Practice

Oliver Huppenbauer | Marquardt

Experience of Tier 1 how to implement ISO/SAE 21434 into company and  how to integrate Cybersecurity into existing management systems.

15:00 / 3 p.m.

CEST

Grey-Box Penetration Testing for Full Life-Cycle Cybersecurity
Dr. Christof Ebert | Vector Consulting Services

Automotive electronics and enterprise IT are converging and thus open the doors for advanced hacking. With classic security testing, vulnerability detection is inefficient and incomplete. In this presentation, we show how an enhanced Grey-Box Penetration Test (GBPT) needs less test cases while being more effective in terms of coverage and indicating less false positives. We will show the systematic approach to GBPT and underline with industry experiences the take-aways.

16:00 / 4 p.m.

CEST

Automotive Safety and Security – Current Trends and Challenges
Stefan Kriso | Bosch

With the current trend towards automated driving, connectivity, and electrification we have to deal with new challenges in the area of vehicle safety. In the past we had a strong focus on functional safety (ISO 26262), but this will be no longer sufficient in future – other aspects of vehicle safety will become more and more important, for example SOTIF (safety of the intended functionality), security (especially the safety relevance of intended manipulations), safety regulations etc. Especially the trend that more and more support and functionality come from the infrastructure lead to new safety and security questions. For example, what if someone manipulates not the vehicle itself, but the environment of the vehicle? This presentation will give an overview over the current activities in the area of standardization and regulations and the activities which are required to ensure safe vehicles in future. It will give some examples how to deal with upcoming safety questions and how the different safety aspects could interact.

17:00 / 5 p.m.

CEST

Discussion Panel: How To Effectively Combine Cybersecurity and Safety

André Weimerskirch | Lear
Sven Schran | Bosch
John Heldreth | Automotive Security Research Group (ASRG)
Dr. Christof Ebert | Vector Consulting Services

Cybersecurity and functional safety are closely related and must be implemented together. However, this is challenging due to lack of combined methods but also due to different responsibilities in companies. This panel shows how cybersecurity and safety can be effectively implemented: Sustainably and cost-effectivly.

14:00 / 2 p.m.

CEST

Scalable Automotive Intrusion Detection Systems: From the ECU To the VSOC
Justus Reich | IBM und Dr. Eduard Metzker | Vector

• Regulatory requirements drive the need for Intrusion Detection Systems (IDS)
• A scalable automotive IDS solution from the ECU to the vehicle security operation center (VSOC) is required
• A solution based on automotive standards and of-the-shelf IT software is reasonable

15:00 / 3 p.m.

CEST

Automated Threat Evaluation of Automotive Diagnostic Protocols
Nils Weiß | OTH Regensburg

Diagnostic protocols in automotive systems can offer a huge attack surface with devastating impacts if vulnerabilities are present. This presentation shows the application of active automated learning techniques for reverse engineering system state machines of automotive systems. The developed black-box testing strategy is based on diagnostic protocol communication. Through this approach, it is possible to automatically investigate a highly increased attack surface. Based on a new metric, introduced in this presentation, we are able to rate the possible attack surface of an entire vehicle or a single ECU. A novel attack surface metric allows comparisons of different ECUs from different OEMs, even between different diagnostic protocols.

16:00 / 4 p.m.

CEST

Fuzz Testing the ISO 15118 Protocol Stack
Tobias Schöneberger | Vector

The charging port is a new, externally accessible gateway for vehicle attacks, which requires systematic robustness and security tests of the ISO15118 interface.

The presentation displays how IP, TCP, TLS and EXI protocols can be tested automatically with the combination of fuzz and security tests. In focus is the test of TLS handshake and X509 certificates.

17:00 / 5 p.m.

CEST

Keeping Your ECU Secure Against Compromised Adaptive Applications
Udo Neitzel | ITK Engineering

The AUTOSAR Adaptive Platform (AP) enables the implementation of multiple tasks with different security objectives on a single ECU. Identity and Access Management (IAM) allows to assign access permissions on platform resources and services. We present the principles, architecture and application of IAM.

18:00 / 6 p.m.

CEST