Thank you

Conference opening.

The idea of the keynote entitled “Empowering the correct implementation of cybersecurity in automotive development projects: 7 prerequisites that must be present in management and engineering” is to take the experience gained from projects with international OEMs and tier-N suppliers from the perspective of one of the world’s leading consulting firms for strategic guidance and operational implementation of cybersecurity in automotive development as a starting point to compile tangible lessons learned and recommendations for action in a generally applicable manner. The purpose is to outline recurring shortcomings and weaknesses in practice that currently dominate the day-to-day work of cybersecurity managers as well as cybersecurity engineers in the different organizations of the supply chain and their respective automotive development projects. In detail, illustrated with examples and concrete observations from the daily engineering practice, the following problems will be addressed:

• Distinctions and synergies between IT security and automotive cybersecurity
• Linking quality of software and system with cybersecurity along the V-model
• Importance of systematic strategic cybersecurity implementation instead of insular tool approaches, shortcuts and idea of cybersecurity as an addon
• Management commitment to cybersecurity and organizational structure for projects
• Re-use principles, synergies, template management, libraries and scope of cybersecurity activities
• Cybersecurity organization structure, roles, responsibilities
• Consideration of cybersecurity in project and product life cycle, cybersecurity stakeholders, awareness and culture

One of the most important recommendations for action: The early and comprehensive development of cybersecurity competencies, aligned with the roles and functions of the organization and compliant with the evidence obligations of the most important industry standards and regulations.

A buffer overflow is a condition in which the amount of data written to a buffer exceeds the buffer’s intended capacity, and unintentionally overwrites areas of memory not intended to be overwritten. Understanding buffer overflows is a key step in understanding how programs can be targeted by cyber-attacks and understanding how secure coding practices can improve a system’s security posture. Bluetooth is one of the most common wireless networks found in vehicles today. When developing an application to connect to a Bluetooth interface, it is important to keep in mind the types of data that the application will receive and try to minimize the possibility of attack via data injection over Bluetooth. This presentation will demonstrate a simple Buffer Overflow attack targeted at an intentionally vulnerable application designed to accept user input data over Bluetooth.

CAN was designed in the mid 1980s before devices on CAN were connected remotely and before security was a major issue. Today the situation is different and protecting messaging on CAN is important. A way to do that is to use cryptography so that only authorized senders can create valid messages and only authorized receivers can decode them. The encryption scheme presented converts a standard CAN frame into a protected message for transmission on CAN and then back again at receivers, using dedicated cryptographic hardware or pure software. The scheme is designed to meet the specific requirements for CAN communication, keeps message payloads secret, prevents spoofing attacks, and can run on resource-constrained hardware.

The talk would be “How I hacked into a Honda Connected Car. The mobile app used by the connected car used weak security mechanisms in its APIs for access controls which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with it’s Telematics Control Unit (TCU).

The average car has more or less 100 million lines of code. As the automotive industry becomes more reliant on software, this drastically increases potential vulnerabilities. How can we reduce vulnerabilities effectively and keep a car’s software system protected? What types of security testing should be included? How do we avoid exposure to potentially dire consequences? The implementation of DevOps has improved the way in which we deliver software however security is often considered an afterthought. How can we reduce vulnerabilities by enabling collaboration between different teams? In this session, we will look at real-world examples, how to manage vulnerabilities, and implement ways that allow development and security to collaborate efficiently. More specifically: Common misconceptions about “Shifting left”. The importance of collaboration between Development, Security, and Operations teams Reducing security exposure and consistent compliance with the policy.

Over-The-Air (OTA) updates for vehicles are becoming the standard in 2022. Infotainment OTA updates have been available for over a decade; but now, multiple OEMs offer OTA updates for additional ECUs in the vehicle. This change introduces challenges in the form of new attack surfaces, and opportunities for improving automotive security, such as enabling the ability to fix security issues remotely. This session briefly introduces how Automotive OTA works. We examine some aspects of the design and implementation of an end-to-end secure Automotive Software Update solution. Based off actual findings in security reviews conducted by CYMOTIVE, we describe common security misconceptions and show how they cause vulnerabilities in automotive OTA update implementations. We conclude the session by presenting some ideas for improving the OTA development process.

“Vehicle Systems Forensics. – Back To The Future” Hey Doc’, I hear you cry – but no, not Doc Emmett Brown, but Doctor Edmond Locard (1877 – 1966). Locard was a French Criminalist known for being a pioneer in forensic science and formulated the basic principle of forensic science as: “Every contact leaves a trace”. In this presentation, I take a look at the world of Vehicle Systems Forensics and look back on some cases where automotive data has helped detect some serious crimes and collisions in the UK. We look at how a digital trace was left to assist these cases and why those in the automotive cybersecurity space need to be mindful of what systems they are developing now which can help in future investigations where vehicles will be exploited in the criminal arena.

This talk shows novel scanners and fuzzers for automotive network communication. Over the last two years we’ve developed automated tools for transport- and application-layer scans of automotive protocols based on Scapy. We explain the usage and advantages of these tools and dive into the complexity of the system states of ECUs. Finally, we show how custom fuzzers for stateful network fuzzing can be created. The following protocols are covered: CAN, ISOTP, UDS, GMLAN, OBD, DoIP, HSFZ. Automotive software of control units uses state machines all over the place. The attack surface of an ECU is extremely dependent on the current system state. Therefore, any penetration test on ECUs has to be performed with the system state in mind. In recent years, we’ve created fully automated tools for Transport-Layer and Application-Layer network scans. We will explain these scanners in detail and show how they can be used for penetration testing. Furthermore, we will show examples of systems states by reverse engineering automotive firmware. We explain how the gathered information can be transferred to an automated tool based on our scanner. This covers details of the software-update process of automotive systems and examples of system states found during normal operation. Finally, we show how the scanner tool can be transformed into a stateful automotive network fuzzer, with just a few modifications.

Clause 9 of the ISO/SAE 21434 regulation requires that OEMS, tier 1 and 2 manufacturers, and security analysts provide high-quality documentation during the concept phase of a product’s lifecycle. It is vital that the documentation includes which mitigation from UNECE R155 was selected, as it is necessary for validation and verification testing. Deliverables created during this period include item definitions, cybersecurity goals, and cybersecurity concepts. To produce an agreed-upon machine-readable standard format; itemis, Block Harbor Cybersecurity, and Keysight came together to create a draft designed for security consultants to test the cybersecurity of projects at the conceptual level. This work is created as part of the efforts of the ASRG Technical Committee for Risk Data Exchange. In the presentation, we will demonstrate the outcome of this collaboration. We first outline the use case, then illustrate the data structure we came up with, and finally share our design considerations.

Let’s put it bluntly, the commercial vehicle cybersecurity landscape has significant financial and other “advantages” for hackers to make them a prime target, evidenced by the increased frequency of cyberattacks on fleets: Trucks are part of the commercial vehicle group transporting daily tens of billions of US dollars of goods between various locations. The tremendous value of their goods can provide huge commercial motivation for hackers to attack these vehicles, which will cause considerable financial and legal damages. Damage to mission-critical or military equipment transported by trucks can put a country at risk when affected by an attack by politically motivated individuals or organizations. So, it is logical to say that the risk level from commercial vehicles is considerably higher than passenger vehicles, making them prime targets for professional or even nation-state attackers. Let’s put it bluntly, the commercial vehicle cybersecurity landscape has significant financial and other “advantages” for hackers to make them a prime target, evidenced by the increased frequency of cyberattacks on fleets: Trucks are part of the commercial vehicle group transporting daily tens of billions of US dollars of goods between various locations. The tremendous value of their goods can provide huge commercial motivation for hackers to attack these vehicles, which will cause considerable financial and legal damages. Damage to mission-critical or military equipment transported by trucks can put a country at risk when affected by an attack by politically motivated individuals or organizations. So, it is logical to say that the risk level from commercial vehicles is considerably higher than passenger vehicles, making them prime targets for professional or even nation-state attackers. We shall overview the specifics of the heavy-duty commercial vehicles, discuss the in-vehicle network technology and explain the specific solutions to tackle those challenges.

Future networking methods are moving away from the traditional static flat networks, towards a more flexible and dynamic approach. Existing networks, partition devices into logically isolated segments, allowing resources to determine their course of communication depending on the situation at hand. Using technologies like 5G slicing, this is transparent to the end users, while at the same time adding additional complications for ensuring the security of the data. In the automotive domain, where critical internal vehicle frames are transmitted over 5G networks, it becomes imperative that these messages: a) arrive within a minimum time, and b) ensure the message is integrity and confidentially protected. Many traditional security methods, such as VPN and TLS, are not suited to the dynamic nature of future networks due to the higher operating expenses and increased latency, this is especially true in the automotive domain which operates using resource-constrained devices and a need for low latency communication over restricted communication mediums. Moreover, these security methods tend to not provide true End-to-End security as they are not designed to secure low-level Fieldbus protocols (e.g. CANBus, LIN, FlexRay), this is exasperated by the dynamic nature of future networks, including the sharing of networking infrastructure within 5G systems. This presentation investigates future networking designs and how this applies to automotive, then identifies several security concerns resulting from the changes in the networking paradigm. Finally, we discuss how to apply true End-to-End Zero-Trust principles to the automotive industry to address security concerns, while also allowing for transparent and flexible network routing.

Keynote | This talk will start with a look at how edge computing has progressed and where it may be going. It will then discuss selected unique challenges in securing connected and automated vehicles. Following that, it will use a couple of examples to show potential roles of edge computing in securing connected and automated vehicles.

Clause 9 of the ISO/SAE 21434 regulation requires that OEMS, tier 1 and 2 manufacturers, and security analysts provide high-quality documentation during the concept phase of a product’s lifecycle. It is vital that the documentation includes which mitigation from UNECE R155 was selected, as it is necessary for validation and verification testing. Deliverables created during this period include item definitions, cybersecurity goals, and cybersecurity concepts. To produce an agreed upon machine readable standard format; itemis, Block Harbor Cybersecurity, and Keysight came together to create a draft designed for security consultants to test the cybersecurity of projects at the conceptual level. This work is created as part of the efforts of the ASRG Technical Committee for Risk Data Exchange. In the presentation, we will demonstrate the outcome of this collaboration. We first outline the use case, then illustrate the data structure we came up with, and finally share our design considerations.

The rump session is an open forum to come on stage and give quick (few minutes) presentations of tools, ideas, events, etc. regarding automotive security. Please get in contact with Shalabh Jain over Airmeet to get your name on the list.

Keynote | This talk will focus on the applications of AI technology in automotive security from a present and future perspective. Given that the intersection of AI and security is currently unfolding at a fast and unprecedented pace with AI technology penetrating every security domain and industry vertical, this talk will also delve into the nuances of AI technology in automotive security and its overlaps with other domains and verticals.

Solving transportation problems with vehicular networks focuses on the design of the solutions. However, some solutions inherit existing IT security vulnerabilities and others introduce new ones that are specific to the system under study. Connected and automated vehicles run on a critical infrastructure and are a key component in urban transportation cyber-physical systems. The challenges of assessing cybersecurity in this context is that in complex systems, systems domains are interdependent and interconnected, known and unknown threats may impair the integrity of the system as a whole. We are confronted to complex interrelationships and we must anticipate future conditions. While these interdependencies bring unprecedented improvements and functionality to the system, they tend to be fragile against failures, natural hazards, and attacks. Due to the immense complexity of securing large scale CPS, and the diversity and heterogeneity of the sources and data formats involved in the cybersecurity monitoring processes, the use of Artificial Intelligence (AI), and in particular Machine Learning (ML) techniques, have been proposed and explored by researchers and cybersecurity companies for several years. In the transportation network, machine learning techniques embody the unpredictable nature of traffic and the myriad of factors that affect traffic flows, such as weather conditions, or other driver behavior, traffic problems and other events. The vision is that AI in cybersecurity can be useful, but not by blindly applying ML/DL approaches. AI-based resilience in Cyber-Physical Systems needs to be explored. And while we will be exploring the resilience of cybersecurity solutions, we will be witnessing an AI-against-AI arms race. This potential use of AI by attackers to oppose AI-based defenders constitutes a problem. Thus, because of the continuously growing scale and complexity of information, computing systems and technologies, we have to do substantial preparation work in terms of analysis, experimental setup and development of AI-based attacks in order to get to the defences and be able to explore this arms race, attempt to model it and provide innovative solutions to protect emerging technology-aware critical infrastructures.

Complexity is the worst enemy of security and complex systems are hard to secure. The more we connect things to each other, the more vulnerabilities in one thing affect others. It is definitely the case when it comes to software-defined and connected vehicles. Connectivity is not only a means to attack, it also enables attacks at scale. The internet is a massive tool for making processes more efficient, including cyber-attacks. But scale economies don’t trickle down to also enable more effective protection. Security requires a high velocity, but a vehicle’s lifecycle is relatively long, definitely longer than your average mobile phone, processes are far more complex and associated costs are dramatically higher. Given these unique challenges, OEMs’ perspective on how to effectively protect their fleets is evolving into a full-stack approach of automotive cybersecurity protection. It’s a continuous feedback loop that includes massive data, piles of different technologies and approaches, and of course highly skilled teams. Effective detection will impact how teams collect data and process it, the Vehicle SOC (VSOC) team will identify new threats and feed knowledge into the collection and detection stages.

Analyzing the security on the hardware level is an essential part of embedded system penetration tests, e.g. in the automotive domain. Typically, such analysis is a time consuming and error prone process. To increase the efficiency, this talk introduces the PROBoter as a novel open-source and self-calibrating architecture for automated PCB analysis as part of hardware penetration tests.

Reverse-engineering can be mind-numbing and eye-bleeding. Your life is about to get a bit easier. This talk discusses a new style of reverse-engineering which has been used to combine both visual/function-graph analysis and creative use of partial-emulation to trace through behaviors and gain insight without “running” code and having to deal with many of the complexities of “getting that specific code to run”

Secure EV Charging: Plug and Charge

• Future of EV charging: Plug and charge and various stakeholders involved in Plug and Charge ecosystem
• Vehicle to Grid (V2G) use cases and need for cybersecurity
• Public Key Infrastructure (PKI): Technology needed to enable secure authentication and authorization via Plug and Charge
• Regulations & standards for Vehicle to Grid (V2G) communication interface