| Module: | Automotive Security |
| Module numbers: | 30.2616 [PVL 30.2617; Module 30.26160] |
| Language: | english |
| Study programme: | Bachelor 2014 - Katalog I: Anwendungs- und systemorientierte Module
Bachelor dual KESS 2014 - Katalog ESS: Embedded Systems
Bachelor dual KITS 2014 - Katalog ITS: IT-Sicherheit
Bachelor dual KoSI 2014 - Katalog I: Anwendungs- und systemorientierte Module
Bachelor KMI 2014 - Katalog I: Anwendungs- und systemorientierte Module |
| Type of course: | V+S+P = Lecture+Seminar+Practical |
| Weekly hours: | 2+1+1 |
| Credit Points: | 5 |
| Exam: | written exam |
| Registering for exam | explicitly and independent of booking |
| PVL (e.g. Practical): | graded (graded seminar paper) |
| PVL percentage: | 30% |
| Frequency of offering: | each summer semester (lastly in SS 2019) |
| Required knowledge: | IT-Security, Operating Systems, Networking |
| Learning objectives: | The students
- are familiar with automotive systems, the threat landscape, and challenges for implementing security and privacy mechanisms
- can perform threat analysis, risk assessment, and risk treatment systematically
- are able to develop a security architecture for automotive systems using state-of-the-art automotive hardware and software security and privacy mechanisms
|
| Content: | - Overview of vehicles and attack surfaces
- Secure System Design: Threat Analysis, Risk Assessment, Risk Treatment
- Automotive Hardware Security: Microcontroller and Microprocessor security, Hardware Security Modules
- Automotive Software Security: Automotive OS security (e.g., AUTOSAR classic, AUTOSAR Adaptive Platform), application security
- Security Mechanisms and Protocols: Secure/Authenticated Boot, Remote Attestation, Secure Diagnostics, Over The Air (OTA) Update, Theft/Component Protection, Memory Protection Unit (MPU), Resource Isolation (Memory, CPU etc.), Secure Storage, Secure Flashing etc.
- Secure Onboard Communication: Securing bus systems (e.g., CAN, LIN, FlexRay, Automotive Ethernet), AUTOSAR SecOC
- Vehicle2X Security: IEEE 802.11p, Bluetooth, WiFi, 3G/4G/5G, OBD-2
- Security of electric vehicles: ISO/IEC 15118, OCPP etc.
- Automotive security standards and legislation: ISO/IEC 21434, SAE J3061, GDPR
|
| Literature: | - Craig Smith, The Car Hacker's Handbook, A Guide for the Penetration Tester, 2006 http://opengarages.org/handbook/ebook/
- SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems
- ISO/IEC 27001: Information Security Management System
- ISO/IEC 11889: Trusted Platform Module
- C. Miller and C. Valasek. A survey of remote automotive attack surfaces. DEF CON, 2014.
- S. Checkoway et al. Comprehensive experimental analyses of automotive attack surfaces. Proceedings of the 20th USENIX conference on Security (SEC'11).
- Recent scientific literature
|
| Lecture style / Teaching aids: | Seminaristic lecture with practical and seminar / lecture slides, advanced literature |
| Responsibility: | Christoph Krauß |
| Released: | SS 2019 |
| Offered in SS 19: | Krauß,C. / Khondoker |