HoliSec Final Open Workshop

Program

09:00 – 09:30 External Research Collaboration for Cybersecurity Work at Volvo Group – Where Are We Heading? – Daniel Karlsson, Volvo AB

The Volvo Group has been engaged in ERC projects in the area of cybersecurity for many years. What is the purpose, and what do they want to achieve with it?

09:30 – 10:15 Intrusion Detection for In-vehicle Networks: Reflection on Practical Challenges and the Road Ahead – Nasser Nowdehi, Volvo Cars; David Thiringer, Chalmers; Sebastian Kvarnström, Chalmers

This session highlights our efforts to study and develop an Intrusion Detection System (IDS) for In-Vehicle Network (IVN). In particular, we (1) motivate the need for developing IDS for IVNs, (2) summarize the state of the art intrusion detection methods for IVNs, (3) describe our proposed method for detecting anomalies on IVN CAN bus, (4) reflect on the lessons learned and the road ahead.

10:15 – 11:00 ESCAR 2018 recap – Tomas Olovsson, Chalmers 

Tomas will talk about the current security issues that the automotive industry is facing, ongoing Swedish research, and important global trends that you should not miss out. 

11:00 – 11:15 AUTOSAR Secured On-Board Communication: Introduction to AUTOSAR’S SecOC Module, and Key Management Techniques Proposal – Bashar Dawood, Arccore

An introduction to AUTOSAR’s SecOC module. What is its purpose and why it’s needed for secure onboard communication in rapidly complexifying automotive solutions? This presentation will also propose key management guidelines for symmetric and asymmetric keys that are used for the SecOC authentication process.

11:15 – 11:30 AUTOSAR Secure Onboard Communication: Goals and Reasoning Behind the Freshness Design – Christian Sandberg, Volvo AB

AUTOSAR Secure Onboard Communication, while providing some examples and guidance, largely leaves it open to OEMs to specify and configure the freshness handling on their own. This presentation provides an overview of an approach to freshness value management along with the underlying design goals and decisions.

11:30 – 11:45 AUTOSAR Secured On-Board Communication: Testing SecOC with Various Communication Methodology – Kaushik Naik and Brian Katumba, Volvo AB  

A physical demonstration of different communication configurations for the protocol-agnostic SecOC module. Specifically CAN and Ethernet. This presentation will showcase the feasibility of the module and the test results from the work accomplished.

11:45 – 12.45 Lunch break and Demos (coffee and sandwiches will be served) 

12:45 – 13:30 State of The Art of Secure Vehicular Communication and Design – Thomas Rosenstatter, Chalmers; Alojscha Lautenbach, Chalmers; Nasser Nowdehi, Volvo Cars

This session highlights our work with secure communication and engineering, in particular: (1) how to classify security in the automotive domain and further provide a mapping to appropriate security mechanisms based on the results of a Threat Analysis and Risk Assessment (TARA),  (2) an evaluation of promising CAN message authentication solutions based on five industrial criteria, and (3) a preliminary assessment of the security impact of using the new 5G communication standard for V2X applications.

13:30 – 14:15 Evolving Threat Analysis Techniques to Catch What Matters – Katja Tuma, Gothenburg University; Mathias Widman, Volvo AB

This talk is focused on two problems that arise in the state of the art of threat analysis of software systems: the problem of high effort and low recall of threat analysis techniques. It gives an overview of the proposed solutions that were collaboratively developed in the context of HoliSec. We also discuss the challenges and implications of industrial practice.

14:15 – 15:00 Interplay Between Safety and Security – Peter Folkesson, RISE  

RISE will present a study of the interplay between safety and security using model-implemented fault injection.

15:00 – 15:45 Bug Bounties In the Automotive Domain – The Past and the Road Ahead – Ana Magazinius, RISE Viktoria; Jonas Magazinius, Assured 

The focus of this session is two-fold. First, we will talk about the results of the work that was done toward a bug bounty that was planned as part of HoliSec but could not be finalized. Further, we will present the state of research on bug bounties, as well as some new insights related to the topic.