After two years of remotely held conferences, the ACM CSCS was finally held in person at the Technische Hochschule Ingolstadt, Germany!

The 6th edition of the conference was split into two parts: the morning sessions focused on automated driving challenges, such as the use of machine learning for creating synthetic datasets and pedestrian detection. The afternoon was about security! We therefore briefly summarise some of the talks. If they sound interesting to you, just use the link to read their paper in detail. Also, don’t hesitate to have a look at the entire proceedings here.

Challenges and Directions for Automated Driving Security by David Förster et al.
In this paper, the authors identify the challenges and directions that arose during the development of a series SAE L3 automated driving system (L3 implies that the driver is no longer supervising the system when the function is active). The seven challenges and directions identified are:

  • System-level security analysis: Due to the increased complexity of the automated system, it is becoming increasingly difficult to ensure the correctness of the threat analysis and risk assessment (TARA). The authors therefore suggest model-based systems engineering (MBSE) as a possible approach to handle the rising complexity. Other recommendations include strengthening the collaboration between security and safety experts/engineers, as security mechanisms shall not interfere with the safety requirements.
  • Software robustness and software security: The authors highlight that robustness requirements have a strong overlap with security and further outline how security can contribute to robustness.
  • Follow cybersecurity best practices: Cybersecurity best practices should be followed; for example, cryptographic best practices should be taken into account, a layered security approach should be implemented, security life cycle management should be established, and more. The authors also highlight that the difference between safety and security needs to be understood by everyone involved, e.g., CRC checksums are not a security measure; rather, they protect against random faults.
  • Attacks on sensors and other external input: Among other things, they underline that understanding threats against sensors is a cross-disciplinary effort requiring expertise from security, sensor development, AI and others in order to analyse these threats systematically.
  • Availability requirements: CAN and other bus technologies are fundamentally vulnerable to denial-of-service attacks as soon as a node connected to the bus is fully compromised. Therefore, the authors recommend redundant communication or a change of the topology, e.g., star- or domain-based architectures. The authors also underline that the safety of security mechanisms needs to be considered.
  • Prevent malicious actuator control: In higher automated vehicles, the vehicle motion control (VMC) necessarily receives input from many more sources/sensors, and thus one should pay special attention to them, as the VMC needs to be considered a critical resource.
  • Monitoring, attack detection and response: As mandated by ISO 21434, the fleet must be monitored closely, and threats and vulnerabilities must be reacted to quickly.
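
The CRC point from the best-practices item above, as an added example (not code from the paper or from the original post): a CRC catches a random bit flip but not a deliberate change, because anyone can recompute it, whereas a keyed MAC with a freshness counter catches both. The key, the payload bytes, the 8-byte tag truncation and the counter layout are constructed assumptions for illustration.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"  # constructed demo key (assumption)

def crc_protect(payload: bytes) -> bytes:
    """Append a CRC-32: anyone can compute it, no secret is involved."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_verify(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]

def mac_protect(payload: bytes, counter: int, key: bytes = KEY) -> bytes:
    """Prefix a freshness counter, append an HMAC-SHA256 tag cut to 8 bytes."""
    msg = counter.to_bytes(4, "big") + payload
    return msg + hmac.new(key, msg, hashlib.sha256).digest()[:8]

def mac_verify(frame: bytes, last_counter: int, key: bytes = KEY) -> bool:
    msg, tag = frame[:-8], frame[-8:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return False  # altered content or wrong key
    return int.from_bytes(msg[:4], "big") > last_counter  # reject replays

def compare() -> dict:
    payload = bytes.fromhex("0123456789abcdef")  # constructed 8-byte payload
    altered = bytes.fromhex("ffff456789abcdef")  # deliberately changed payload
    # Random fault: one bit flips in transit.
    crc_fault = bytearray(crc_protect(payload))
    crc_fault[2] ^= 0x10
    mac_fault = bytearray(mac_protect(payload, 7))
    mac_fault[6] ^= 0x10
    # Deliberate change: the CRC is recomputed from public knowledge, while
    # without the key the old MAC tag can only be carried over unchanged.
    good = mac_protect(payload, 7)
    return {
        "crc_detects_fault": not crc_verify(bytes(crc_fault)),
        "mac_detects_fault": not mac_verify(bytes(mac_fault), 6),
        "crc_detects_change": not crc_verify(crc_protect(altered)),
        "mac_detects_change": not mac_verify(good[:4] + altered + good[-8:], 6),
        "mac_accepts_genuine": mac_verify(good, 6),
        "mac_rejects_replay": not mac_verify(good, 7),
    }

if __name__ == "__main__":
    for check, result in compare().items():
        print(f"{check}: {result}")
```
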

David Förster, Thomas Bruckschlögl, Jason Lee Omer, and Tom Schipper. 2022. Challenges and Directions for Automated Driving Security. In Proceedings of the 6th ACM Computer Science in Cars Symposium (CSCS ’22). Association for Computing Machinery, New York, NY, USA, Article 5, 1–11.

Systematic Evaluation of Intrusion Detection Datasets by Arash Vahidi et al.
This paper addresses the need for evaluating datasets for the purpose of intrusion detection in automotive systems. By analysing 20 automotive datasets (10 in-vehicle and 7 VANET datasets with the purpose of intrusion/misbehaviour detection, and 3 other potentially relevant datasets), the authors found common deficiencies and identified a set of qualities that datasets need in order to be useful for developing and testing machine-learning-based intrusion detection systems. These qualities are further structured in the form of deficiencies, similar to previous work by Castelijns et al. [1], who proposed so-called data readiness levels consisting of 5 bands (C, B, A, AA, and AAA).

The proposed evaluation starts in band C, which evaluates the dataset before it is loaded into the environment, e.g., dataset documentation, parseability, objective and the dataset’s age. Once this part of the evaluation reaches a certain threshold, for instance, 85, one can continue with band B. This band consists of qualities/deficiencies like format correctness, dataset size, completeness and whether labels are included and correct. When reaching a score greater than 85 (the defined threshold), the dataset is analysed in the next band, A, according to qualities such as the class balance, the level of detail of the attack documentation, security coverage (the variety of threat types and attack capabilities), and attack realism. Band AA further evaluates the dataset based on diversity and realism, the feature context and documentation, the difficulty (the hardness of the problem) and whether the dataset has been transformed, anonymised, or manipulated in some way.

The evaluation of published datasets shows that only one of the in-vehicle security datasets and two VANET datasets reached band A. It also needs to be noted that the majority of the VANET datasets were results of simulations; only one VANET dataset contained actual recordings. Overall, the authors suggest that future datasets should be systematically evaluated before they are published to improve their usefulness for the research community.

Arash Vahidi, Thomas Rosenstatter, and Nishat I Mowla. 2022. Systematic Evaluation of Automotive Intrusion Detection Datasets. In Proceedings of the 6th ACM Computer Science in Cars Symposium (CSCS ’22). Association for Computing Machinery, New York, NY, USA, Article 6, 1–12.

[1] Laurens A. Castelijns, Yuri Maas, and Joaquin Vanschoren. 2020. The ABC of Data: A Classifying Framework for Data Readiness. In Machine Learning and Knowledge Discovery in Databases, Peggy Cellier and Kurt Driessens (Eds.). Springer International Publishing, Cham, 3–16.

Analysis of the DoIP Protocol for Security Vulnerabilities by Patrick Wachter and Stephan Kleber.
The authors take a close look at DoIP (Diagnostics over Internet Protocol) and highlight that DoIP cannot be considered secure because TLS and client authentication are not mandatory. Five out of the 11 identified vulnerabilities can be fully mitigated, and one can be partly mitigated, by TLS. For the other vulnerabilities, the authors propose to include client authentication using TLS, access control, and authenticity checks in the identification phase (would require a change of the protocol).

Patrick Wachter and Stephan Kleber. 2022. Analysis of the DoIP Protocol for Security Vulnerabilities. In Proceedings of the 6th ACM Computer Science in Cars Symposium (CSCS ’22). Association for Computing Machinery, New York, NY, USA, Article 9, 1–10.

A Data Protection-Oriented System Model Enforcing Purpose Limitation for Connected Mobility by Syed-Winkler et al.
This paper shows a system model for implementing purpose limitation of data (GDPR) by using data tagging and attribute-based encryption. The process starts with the user configuring their privacy settings (i.e., which data the user chooses to share), which are then processed so that the privacy manager can read the newly generated policy. Next, the privacy manager tags the data in the database and encrypts sensitive data using attribute-based encryption. The (encrypted) data is then stored in the database together with its tags.

Sarah Syed-Winkler, Sebastian Pape, and Ahmad Sabouri. 2022. A Data Protection-Oriented System Model Enforcing Purpose Limitation for Connected Mobility. In Proceedings of the 6th ACM Computer Science in Cars Symposium (CSCS ’22). Association for Computing Machinery, New York, NY, USA, Article 10, 1–11.

Written by Thomas Rosenstatter