Publications

Publications in 2020 (English)


    2020

    • Philipp Meyer, Timo Häckel, Franz Korf, and Thomas C. Schmidt. Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control. In: 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). Pages 1–5, Piscataway, NJ, USA, Nov. 2020, IEEE Press.

      Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.

      @InProceedings{   mhks-nadci-20,
        author        = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
                        Thomas C. Schmidt},
        title         = {{Network Anomaly Detection in Cars based on Time-Sensitive
                        Ingress Control}},
        booktitle     = {2020 IEEE 92nd Vehicular Technology Conference
                        (VTC2020-Fall)},
        location      = {Online},
        month         = nov,
        year          = 2020,
        pages         = {1--5},
        publisher     = {IEEE Press},
        address       = {Piscataway, NJ, USA},
        doi           = {10.1109/VTC2020-Fall49728.2020.9348746},
        abstract      = {Connected cars need robust protection against network
                        attacks. Network anomaly detection and prevention on board
                        will be particularly fast and reliable when situated on the
                        lowest possible layer. Blocking traffic on a low layer,
                        however, causes severe harm if triggered erroneously by
                        falsely positive alarms. In this paper, we introduce and
                        evaluate a concept for detecting anomalous traffic using
                        the ingress control of Time-Sensitive Networking (TSN). We
                        build on the idea that already defined TSN traffic
                        descriptors for in-car network configurations are rigorous,
                        and hence any observed violation should not be a false
                        positive. Also, we use Software-Defined Networking (SDN)
                        technologies to collect and evaluate ingress anomaly
                        reports, to identify the generating flows, and to ban them
                        from the network. We evaluate our concept by simulating a
                        real-world zonal network topology of a future car. Our
                        findings confirm that abnormally behaving individual flows
                        can indeed be reliably segregated with zero false
                        positives.},
        groups        = {own, publications, simulation, tsn, security, sdn,
                        anomaly-detection},
        langid        = {english}
      }
    • Mehmet Cakir. Simulation-Based Evaluation of a Delay-Based Forwarding Concept. Oct. 2020, Talk.

      Quality-of-Service (QoS) mechanisms can prioritize a particular network flow with IntServ. Clemm and Eckert propose Latency-Based Forwarding (LBF) as a novel approach to provide support for high-precision latency objectives. It prioritizes traffic by introducing packet metadata which carries latency objectives. With that metadata, different actions will be taken at network nodes. A Proof-of-Concept has been developed using Big Packet Protocol (BPP). So, in contrast to IntServ, LBF supports prioritizing specific packets. The purpose is to provide fairness among different applications. For example, packets that aren't as urgent as others can be chosen to be sent later than the urgent ones. Clemm and Eckert contacted us to enable further investigations for the LBF mechanism with OMNeT++. We want to compare our simulation results to the emulation results. The goal is to validate the results of Clemm and Eckert with ours.

      @Misc{            c-sedbf-20,
        author        = {Mehmet Cakir},
        title         = {{Simulation-Based Evaluation of a Delay-Based Forwarding
                        Concept}},
        howpublished  = {OMNeT++ Community Summit 2020},
        month         = oct,
        year          = 2020,
        abstract      = {Quality-of-Service (QoS) mechanisms can prioritize a
                        particular network flow with IntServ. Clemm and Eckert
                        propose Latency-Based Forwarding (LBF) as a novel approach
                        to provide support for high-precision latency objectives.
                        It prioritizes traffic by introducing packet metadata
                        which carries latency objectives. With that metadata,
                        different actions will be taken at network nodes. A
                        Proof-of-Concept has been developed using Big Packet
                        Protocol (BPP). So, in contrast to IntServ, LBF supports
                        prioritizing specific packets. The purpose is to provide
                        fairness among different applications. For example, packets
                        that aren't as urgent as others can be chosen to be sent
                        later than the urgent ones. Clemm and Eckert contacted us
                        to enable
                        further investigations for the LBF mechanism with OMNeT++.
                        We want to compare our simulation results to the emulation
                        results. The goal is to validate the results of Clemm and
                        Eckert with ours.},
        note          = {Talk},
        groups        = {own, publications, simulation, delay-based forwarding},
        langid        = {english}
      }
    • Sebastian Szancer. Concept of a V2X Application-Level Gateway with Context-sensitive Semantic Analysis of Application Data - Hauptprojekt. May 2020.

      Modern cars communicate with a variety of entities ranging from other vehicles and infrastructure, such as traffic lights, to Internet-based services running on remote servers. This V2X communication enables the realisation of innovative functionality such as "over the air" ECU software updates, optimised navigation and route planning or coordinated autonomous driving. It is necessary that V2X communication is appropriately secured, especially since it includes safety-critical communication. This can be done with a V2X Security Gateway in the vehicle, which serves as a proxy for vehicle-internal services communicating with the outside world and ensures cryptographic security as well as security on the internet-, transport- and application layer. A central component of such a V2X Security Gateway is the V2X Application-Level Gateway, which ensures security on the application layer, including a context-sensitive semantic analysis of application data. It also realises the proxy-functionality and ensures cryptographic security. This paper presents a concept and prototype implementation of such a V2X Application-Level Gateway for IP-based traffic. The implementation was evaluated with the V2X Application-Level Gateway software run on an Intel NUC integrated in a test network representing an internal vehicle network. In this network, consisting of an Edgecore SDN switch and Intel NUCs and Raspberry Pis representing vehicle ECUs, the scenario of remotely controlling the vehicle trunk was simulated.

      @TechReport{      s-vacsa-20,
        author        = {Sebastian Szancer},
        title         = {{Concept of a V2X Application-Level Gateway with
                        Context-sensitive Semantic Analysis of Application Data -
                        Hauptprojekt}},
        month         = may,
        year          = 2020,
        institution   = {CoRE Research Group, Hochschule f{\"u}r Angewandte
                        Wissenschaften Hamburg},
        abstract      = {Modern cars communicate with a variety of entities ranging
                        from other vehicles and infrastructure, such as traffic
                        lights, to Internet-based services running on remote
                        servers. This V2X communication enables the realisation of
                        innovative functionality such as ''over the air'' ECU
                        software updates, optimised navigation and route planning
                        or coordinated autonomous driving. It is necessary that V2X
                        communication is appropriately secured, especially since it
                        includes safety-critical communication. This can be done
                        with a V2X Security Gateway in the vehicle, which serves as
                        a proxy for vehicle-internal services communicating with
                        the outside world and ensures cryptographic security as
                        well as security on the internet-, transport- and
                        application layer. A central component of such a V2X
                        Security Gateway is the V2X Application-Level Gateway,
                        which ensures security on the application layer, including
                        a context-sensitive semantic analysis of application data.
                        It also realises the proxy-functionality and ensures
                        cryptographic security. This paper presents a concept and
                        prototype implementation of such a V2X Application-Level
                        Gateway for IP-based traffic. The implementation was
                        evaluated with the V2X Application-Level Gateway software
                        run on an Intel NUC integrated in a test network
                        representing an internal vehicle network. In this network,
                        consisting of an Edgecore SDN switch and Intel NUCs and
                        Raspberry Pis representing vehicle ECUs, the scenario of
                        remotely controlling the vehicle trunk was simulated.},
        groups        = {own, seminar, security},
        langid        = {english}
      }
    • Jonas Schäufler. Anomaly detection of attacks on LIDAR based automotive perception systems - Hauptprojekt. Mar. 2020.

      @TechReport{      s-adalb-20,
        author        = {Jonas Sch{\"a}ufler},
        title         = {{Anomaly detection of attacks on LIDAR based automotive
                        perception systems - Hauptprojekt}},
        month         = mar,
        year          = 2020,
        institution   = {CoRE Research Group, Hochschule f{\"u}r Angewandte
                        Wissenschaften Hamburg},
        groups        = {own, seminar, security},
        langid        = {english}
      }