Publications

Publications in 2020 of type Conference Proceedings

    2020

    • Timo Häckel, Anja Schmidt, Philipp Meyer, Franz Korf, and Thomas C. Schmidt. Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security. In: 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020). Piscataway, NJ, USA, Dec. 2020, IEEE Press.

      Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.

      @InProceedings{   hsmks-sicfs-20,
        author        = {Timo H{\"a}ckel and Anja Schmidt and Philipp Meyer and
                        Franz Korf and Thomas C. Schmidt},
        title         = {{Strategies for Integrating Controls Flows in
                        Software-Defined In-Vehicle Networks and Their Impact on
                        Network Security}},
        booktitle     = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC
                        2020)},
        location      = {Online},
        month         = dec,
        year          = 2020,
        publisher     = {IEEE Press},
        address       = {Piscataway, NJ, USA},
        doi           = {10.1109/VNC51378.2020.9318372},
        abstract      = {Current In-Vehicle Networks (IVNs) connect Electronic
                        Control Units (ECUs) via domain busses. A gateway forwards
                        messages between these domains. Automotive Ethernet emerges
                        as a flat, high-speed backbone technology for IVNs that
                        carries the various control flows within Ethernet frames.
                        Recently, Software-Defined Networking (SDN) has been
                        identified as a useful building block of the vehicular
                        domain, as it allows the differentiation of packets based
                        on all header fields and thus can isolate unrelated control
                        flows. In this work, we systematically explore the
                        different strategies for integrating automotive control
                        flows in switched Ether-networks and analyze their security
                        impact for a software-defined IVN. We discuss how control
                        flow identifiers can be embedded on different layers
                        resulting in a range of solutions from fully exposed
                        embedding to deep encapsulation. We evaluate these
                        strategies in a realistic IVN based on the communication
                        matrix of a production grade vehicle, which we map into a
                        modern Ethernet topology. We find that visibility of
                        automotive control flows within packet headers is essential
                        for the network infrastructure to enable isolation and
                        access control. With an exposed embedding, the SDN backbone
                        can establish and survey trust zones within the IVN and
                        largely reduce the attack surface of connected cars. An
                        exposed embedding strategy also minimizes communication
                        expenses.},
        groups        = {own, sdn, publications, security}
      }
    • Philipp Meyer, Timo Häckel, Falk Langer, Lukas Stahlbock, Jochen Decker, Sebastian A. Eckhardt, Franz Korf, Thomas C. Schmidt, and Fabian Schüppel. Demo: A Security Infrastructure for Vehicular Information Using SDN, Intrusion Detection, and a Defense Center in the Cloud. In: 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020). Piscataway, NJ, USA, Dec. 2020, IEEE Press.

      Vehicular on-board communication is the basis for advanced driver assistance, autonomous driving, over-the-air updates, and many more. If unprotected, this infrastructure is vulnerable to manipulation and various attacks. As any networked system, future connected cars require robust protection, monitoring, and incidence management against cyber-attacks during their lifetime. We demonstrate an infrastructure that secures the in-vehicle communication system and enables the security management of an entire vehicle fleet. Our prototype - a real-world production car - uses an Ethernet backbone network. It implements protective measures using software-defined networking, anomaly detection technologies, and is connected to a cyber defense center in the cloud. We demonstrate how this combination can reliably detect and mitigate common attacks on the vehicle - including its legacy components.

      @InProceedings{   mhlsd-dsivi-20,
        author        = {Philipp Meyer and Timo H{\"a}ckel and Falk Langer and
                        Lukas Stahlbock and Jochen Decker and Sebastian A. Eckhardt
                        and Franz Korf and Thomas C. Schmidt and Fabian
                        Sch{\"u}ppel},
        title         = {{Demo: A Security Infrastructure for Vehicular Information
                        Using {SDN,} Intrusion Detection, and a Defense Center in
                        the Cloud}},
        booktitle     = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC
                        2020)},
        location      = {Online},
        month         = dec,
        year          = 2020,
        publisher     = {IEEE Press},
        address       = {Piscataway, NJ, USA},
        doi           = {10.1109/VNC51378.2020.9318351},
        abstract      = {Vehicular on-board communication is the basis for advanced
                        driver assistance, autonomous driving, over-the-air
                        updates, and many more. If unprotected, this infrastructure
                        is vulnerable to manipulation and various attacks. As any
                        networked system, future connected cars require robust
                        protection, monitoring, and incidence management against
                        cyber-attacks during their lifetime. We demonstrate an
                        infrastructure that secures the in-vehicle communication
                        system and enables the security management of an entire
                        vehicle fleet. Our prototype - a real-world production car
                        - uses an Ethernet backbone network. It implements
                        protective measures using software-defined networking,
                        anomaly detection technologies, and is connected to a cyber
                        defense center in the cloud. We demonstrate how this
                        combination can reliably detect and mitigate common attacks
                        on the vehicle - including its legacy components.},
        groups        = {own, sdn, publications, security, anomaly-detection}
      }
    • Randolf Rotermund, Timo Häckel, Philipp Meyer, Franz Korf, and Thomas C. Schmidt. Requirements Analysis and Performance Evaluation of SDN Controllers for Automotive Use Cases. In: 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020). Piscataway, NJ, USA, Dec. 2020, IEEE Press.

      Future vehicles will be more connected than ever leading to increased dynamics in vehicle on-board networks. Software-Defined Networking (SDN) is a promising technology to meet the emerging needs for flexibility and security in future automotive use cases. Although SDN controllers have been evaluated in data center networks, to the best of our knowledge there is a lack of an analysis and performance evaluation of SDN controllers for automotive use cases. In this work we provide a detailed requirements analysis for the use of SDN controllers in cars. Based on this requirements analysis we choose existing controller implementations for a performance analysis. Finally, we analyze automotive specific use cases for SDN controllers with controller application examples and show how these can fulfill additional requirements. Our evaluation provides a helpful basis for the design and development of SDN controllers that can be used in vehicles.

      @InProceedings{   rhmks-rapesc-20,
        author        = {Randolf Rotermund and Timo H{\"a}ckel and Philipp Meyer
                        and Franz Korf and Thomas C. Schmidt},
        title         = {{Requirements Analysis and Performance Evaluation of {SDN}
                        Controllers for Automotive Use Cases}},
        booktitle     = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC
                        2020)},
        location      = {Online},
        month         = dec,
        year          = 2020,
        publisher     = {IEEE Press},
        address       = {Piscataway, NJ, USA},
        doi           = {10.1109/VNC51378.2020.9318378},
        abstract      = {Future vehicles will be more connected than ever leading
                        to increased dynamics in vehicle on-board networks.
                        Software-Defined Networking (SDN) is a promising technology
                        to meet the emerging needs for flexibility and security in
                        future automotive use cases. Although SDN controllers have
                        been evaluated in data center networks, to the best of our
                        knowledge there is a lack of an analysis and performance
                        evaluation of SDN controllers for automotive use cases. In
                        this work we provide a detailed requirements analysis for
                        the use of SDN controllers in cars. Based on this
                        requirements analysis we choose existing controller
                        implementations for a performance analysis. Finally, we
                        analyze automotive specific use cases for SDN controllers
                        with controller application examples and show how these can
                        fulfill additional requirements. Our evaluation provides a
                        helpful basis for the design and development of SDN
                        controllers that can be used in vehicles.},
        groups        = {own, sdn, automotive, performance-analysis, publications}
      }
    • Philipp Meyer, Timo Häckel, Franz Korf, and Thomas C. Schmidt. Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control. In: 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). Piscataway, NJ, USA, Nov. 2020, IEEE Press.

      Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.

      @InProceedings{   mhks-nadci-20,
        author        = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
                        Thomas C. Schmidt},
        title         = {{Network Anomaly Detection in Cars based on Time-Sensitive
                        Ingress Control}},
        booktitle     = {2020 IEEE 92nd Vehicular Technology Conference
                        (VTC2020-Fall)},
        location      = {Online},
        month         = nov,
        year          = 2020,
        publisher     = {IEEE Press},
        address       = {Piscataway, NJ, USA},
        abstract      = {Connected cars need robust protection against network
                        attacks. Network anomaly detection and prevention on board
                        will be particularly fast and reliable when situated on the
                        lowest possible layer. Blocking traffic on a low layer,
                        however, causes severe harm if triggered erroneously by
                        falsely positive alarms. In this paper, we introduce and
                        evaluate a concept for detecting anomalous traffic using
                        the ingress control of Time-Sensitive Networking (TSN). We
                        build on the idea that already defined TSN traffic
                        descriptors for in-car network configurations are rigorous,
                        and hence any observed violation should not be a false
                        positive. Also, we use Software-Defined Networking (SDN)
                        technologies to collect and evaluate ingress anomaly
                        reports, to identify the generating flows, and to ban them
                        from the network. We evaluate our concept by simulating a
                        real-world zonal network topology of a future car. Our
                        findings confirm that abnormally behaving individual flows
                        can indeed be reliably segregated with zero false
                        positives.},
        groups        = {own, publications, simulation, tsn, security, sdn,
                        anomaly-detection},
        langid        = {english}
      }