Publications in 2020 (English)
2020
- Philipp Meyer, Timo Häckel, Franz Korf, and Thomas C. Schmidt. Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control. In: 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall). Pages 1–5, Piscataway, NJ, USA, Nov. 2020, IEEE Press.
[Abstract], [Fulltext Document (pdf)], [Slides (pdf)], [DOI], [Bibtex]Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.
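% Conference paper in the VTC2020-Fall proceedings. Per its abstract, it
% detects anomalous in-car traffic with the ingress control of Time-Sensitive
% Networking (TSN) and uses SDN to collect the reports and ban offending flows.
% NOTE(review): `Online` reads as the event venue, not the publisher's city,
% so it is stored in `venue`. biblatex treats `address` as an alias of
% `location`; with both set, the two values compete for the publisher place.
@inproceedings{mhks-nadci-20,
  author    = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and Thomas C. Schmidt},
  title     = {{Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control}},
  booktitle = {2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall)},
  venue     = {Online},
  month     = nov,
  year      = 2020,
  pages     = {1--5},
  publisher = {IEEE Press},
  address   = {Piscataway, NJ, USA},
  doi       = {10.1109/VTC2020-Fall49728.2020.9348746},
  abstract  = {Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.},
  groups    = {own, publications, simulation, tsn, security, sdn, anomaly-detection},
  langid    = {english},
}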
- Mehmet Cakir. Simulation-Based Evaluation of a Delay-Based Forwarding Concept. Oct. 2020, Talk.
[Abstract], [Fulltext Document (pdf)], [Slides (pdf)], [Bibtex]
Quality-of-Service (QoS) mechanisms can prioritize a particular network flow with IntServ. Clemm and Eckert propose Latency-Based Forwarding (LBF) as a novel approach to provide support for high-precision latency objectives. It prioritizes traffic by introducing packet metadata that carries latency objectives. Based on that metadata, different actions will be taken at network nodes. A Proof-of-Concept has been developed using the Big Packet Protocol (BPP). So, in contrast to IntServ, LBF supports prioritizing specific packets. The purpose is to provide fairness among different applications. For example, packets that are not as urgent as others can be sent later than the urgent ones. Clemm and Eckert contacted us to enable further investigations of the LBF mechanism with OMNeT++. We want to compare our simulation results to the emulation results. The goal is to validate the results of Clemm and Eckert with ours.
% Talk given at the OMNeT++ Community Summit 2020 (see `howpublished` and
% `note`). Per the abstract, the work simulates Latency-Based Forwarding (LBF)
% in OMNeT++ to validate the emulation results of Clemm and Eckert.
@misc{c-sedbf-20,
  author       = {Mehmet Cakir},
  title        = {{Simulation-Based Evaluation of a Delay-Based Forwarding Concept}},
  howpublished = {OMNeT++ Community Summit 2020},
  note         = {Talk},
  year         = 2020,
  month        = oct,
  langid       = {english},
  groups       = {own, publications, simulation, delay-based forwarding},
  abstract     = {Quality-of-Service (QoS) mechanisms can prioritize a particular network flow with IntServ. Clemm and Eckert propose Latency-Based Forwarding (LBF) as a novel approach to provide support for high-precision latency objectives. It prioritizes traffic with introducing packet metadata which carries latency objectives. With that metadata different actions will be taken at network nodes. A Proof-of-Concept has been developed using Big Packet Protocol (BPP). So in contrast to IntServ LBF supports prioritizing specific packets. The purpose is to provide fairness among different applications. For example packets that aren't urgent as others can be chosen sent later as the urgent ones. Clemm and Eckert contacted us to enable further investigations for the LBF mechanism with OMNeT++. We want to compare our simulation results to the emulation results. The goal is to validate the results of Clemm and Eckert with ours.},
}
- Sebastian Szancer. Concept of a V2X Application-Level Gateway with Context-sensitive Semantic Analysis of Application Data - Hauptprojekt. May 2020.
[Abstract], [Fulltext Document (pdf)], [Bibtex]Modern cars communicate with a variety of entities ranging from other vehicles and infrastructure, such as traffic lights, to Internet-based services running on remote servers. This V2X communication enables the realisation of innovative functionality such as ''over the air'' ECU software updates, optimised navigation and route planning or coordinated autonomous driving. It is necessary that V2X communication is appropriately secured, especially since it includes safety-critical communication. This can be done with a V2X Security Gateway in the vehicle, which serves as a proxy for vehicle-internal services communicating with the outside world and ensures cryptographic security as well as security on the internet-, transport- and application layer. A central component of such a V2X Security Gateway is the V2X Application-Level Gateway, which ensures security on the application layer, including a context-sensitive semantic analysis of application data. It also realises the proxy-functionality and ensures cryptographic security. This paper presents a concept and prototype implementation of such a V2X Application-Level Gateway for IP-based traffic. The implementation was evaluated with the V2X Application-Level Gateway software run on an Intel NUC integrated in a test network representing an internal vehicle network. In this network, consisting of an Edgecore SDN switch and Intel NUCs and Raspberry Pis representing vehicle ECUs, the scenario of remotely controlling the vehicle trunk was simulated.
% Technical report (titled as a "Hauptprojekt") from the CoRE Research Group.
% Per the abstract, it presents a concept and prototype of a V2X
% Application-Level Gateway that acts as a proxy for vehicle-internal services
% and performs context-sensitive semantic analysis of application data.
% NOTE(review): the abstract opens its quotation with '' rather than ``;
% LaTeX would typeset that as a closing quote if the abstract is ever printed.
@techreport{s-vacsa-20,
  author      = {Sebastian Szancer},
  title       = {{Concept of a V2X Application-Level Gateway with Context-sensitive Semantic Analysis of Application Data - Hauptprojekt}},
  institution = {CoRE Research Group, Hochschule f{\"u}r Angewandte Wissenschaften Hamburg},
  year        = 2020,
  month       = may,
  langid      = {english},
  groups      = {own, seminar, security},
  abstract    = {Modern cars communicate with a variety of entities ranging from other vehicles and infrastructure, such as traffic lights, to Internet-based services running on remote servers. This V2X communication enables the realisation of innovative functionality such as ''over the air'' ECU software updates, optimised navigation and route planning or coordinated autonomous driving. It is necessary that V2X communication is appropriately secured, especially since it includes safety-critical communication. This can be done with a V2X Security Gateway in the vehicle, which serves as a proxy for vehicle-internal services communicating with the outside world and ensures cryptographic security as well as security on the internet-, transport- and application layer. A central component of such a V2X Security Gateway is the V2X Application-Level Gateway, which ensures security on the application layer, including a context-sensitive semantic analysis of application data. It also realises the proxy-functionality and ensures cryptographic security. This paper presents a concept and prototype implementation of such a V2X Application-Level Gateway for IP-based traffic. The implementation was evaluated with the V2X Application-Level Gateway software run on an Intel NUC integrated in a test network representing an internal vehicle network. In this network, consisting of an Edgecore SDN switch and Intel NUCs and Raspberry Pis representing vehicle ECUs, the scenario of remotely controlling the vehicle trunk was simulated.},
}
- Jonas Schäufler. Anomaly detection of attacks on LIDAR based automotive perception systems - Hauptprojekt. Mar. 2020.
[Fulltext Document (pdf)], [Bibtex]
% Technical report (titled as a "Hauptprojekt") from the CoRE Research Group
% on detecting attacks against LIDAR-based automotive perception systems.
% The entry records no abstract, pages or DOI.
@techreport{s-adalb-20,
  author      = {Jonas Sch{\"a}ufler},
  title       = {{Anomaly detection of attacks on LIDAR based automotive perception systems - Hauptprojekt}},
  institution = {CoRE Research Group, Hochschule f{\"u}r Angewandte Wissenschaften Hamburg},
  year        = 2020,
  month       = mar,
  langid      = {english},
  groups      = {own, seminar, security},
}