International VDI Conference - Cyber Security for Vehicles

Mathias Dehm, Chief Product Security Officer, Continental AG, Germany

• International automotive cyber security regulations are evolving & more national standards adding complexity to international type approval
• China is developing a cyber security and data security standard system for ICV
• Strong references to UNECE, ISO and other international standards
• What additional effort is required if, e.g. ISO standards & UNECE regulations are already implemented in an organization
  Janine Funke, Strategic Area Lead Cybersecurity, co-author: Sergej Weber, both: Kugler Maag Cie by UL Solutions, Germany

• New challenges in terms of cyber security
• AI specific vulnerabilities and risks
• Threats and attacks along the life-cycle
  Vasilios Danos, Artificial Intelligence, Head of AI Security & Trustworthiness, co-author: Thora Market, both: TÜVIT (TÜV NORD GROUP), Germany

• Small OEMs and the need for CSMS/SUMS compliance
• Small OEMs depend on bigger suppliers and OTS components
• Big OEMs‘ business models vs. small manufacturers and special vehicle builders
• Secure communication: Changing configurations of trucks & trailers during operation
  Jan-Peter von Hunnius, Associate Partner and Head of CYRES Consulting, Austria

• Use of exclusive rights to derive value out of data sets, architecture, AI solutions and software
• Contracting for security by design in the multi-tiered automotive supply chain
• Organizing security compliance in light of the new and upcoming European legislation
  Maurits Westerik, Attorney-at-law, co-author: Lot Waemakers, Attorney-at-law, both: Coupry, The Netherlands

• Investigates a realization of the interplay of an in-vehicle IDS system with a monitoring backend system according to UNECE R155
• Digital traces of a real-world cyber attack are mapped to AUTOSAR security events which are integrated into fleet simulations of AUTOSAR events
• The generated data is transferred to a backend system where it is analyzed and different approaches for detecting the attack among a multitude of noise events are evaluated
  Thomas Bitterlich, Senior Automotive Security Consultant, co-authors: Dr.Grit Pientka, both: T-Systems, Max Engelsberger, Vector all: Germany

• Security risks at end of life cycle
• Challenges regarding secure decommissioning
• Best practices
  Mathias Löbl, Security Manager, Bosch Engineering GmbH, Austria

Speaker to be announced

• Post-quantum cryptography
• Embedded Security
• AUTOSAR classic platform
  Claude-Pascal Stöber-Schmidt, Project Manager Security Engineering; co-. authors: Philipp Jungklass & Marco Siebert, all: TT-E1, Embedded Security, IAV GmbH, Germany

At the end of the first conference day, we kindly invite you to use the relaxed and informal atmosphere at our conference dinner for indepth conversations with other participants and speakers.

• Introduction – Deterministic and reliable automotive ethernet requires the toolset of time-sensitive networks
• Security analysis of selected TSN protocols (IEEE 802.1AS gPTP and IEEE 802.1Qav CBS) 
• Analysis of a sample attack in a testbed environment
  Utku Bal, Project Engineer, Energy and Digital Systems Research, Honda R&D Europe (Deutschland) GmbH, Germany

• SDV architectures tend to merge HW, which tends to weaken the cyber security resilience level
• Several solutions and strategies exist in the market to adopt fusion architecture in the same system-on-chip
• The presentation will explore the strategies, missing components or certifications in the existing product roadmaps
• Summarization of the pros/cons of SDV fusion architectures.
  Frederic Ameye, Cybersecurity Lead, Ampere Software Technology, France

• V2X Security ensures the integrity, authenticity, and confidentiality of communications and anonymity of participants
• Misbehavior detection provides measures to identify malfunctioning devices and malicious actors
• Future use cases require the determination of the trustworthiness of external data
• Various techniques support the evaluation of the trustworthiness of data and entities
  Stephan Rein, Consultant - Software Defined Vehicle, msg systems ag, Germany

• Common automotive firmware attack vectors
• Firmware reverse engineering for IP theft and competitor analysis
• Technical countermeasures: exploit mitigations and software protection
• Overcoming implementation challenges for diverse automotive environments
• Future directions in firmware security and industry-academia collaboration
  Tim Blazytko, Chief Scientist, Head of Engineering, emproof, Germany

• Tool based creation of allow list firewall policies
• Multilevel optimization of filter conditions
• Efficient utilization of switch resources
  Alexander Zeeb, Senior Solution Manager Embedded Software, Vector Informatik GmbH, Germany

• Establishing standardized cybersecurity processes in the dynamic automotive industry
• Overcoming challenges by integrating TARA seamlessly
• Standardization and automation of test procedures for faster iteration of tests and integration
• Utilizing model-based TARA for automated test case generation, improving testing efficiency
• Employing a versatile testing platform for diverse interfaces, saving time and resources in the testing lifecycle
  Harald Petschnik, Business Innovation Manager, co-authors: Jürgen Wurzinger & Stefan Marksteiner, all: AVL List GmbH, Austria

• Current cyber security homologation/ vehicle-type-approval setup for global UN-R 155 member states
• Detailed insights into industry experience as security testing provider
• Description of effective attack vectors, techniques and specific tools to conduct full-vehicle penetration test in context of VTA
• Appreciation of full-vehicle penetration testing compared to testing on component level
  Thomas Irmscher, Product Manager Security Testing, co-author: Abdallah Ourad, both: ETAS GmbH, Germany

• Learn how to design more secure vehicle architectures and avoid common security pitfalls at the component (e.g., ECU) and vehicle levels
• Get insights into real-world cases of vulnerabilities found in vehicle architectures
• Practical advice for building testing requirements for Tier 1 suppliers
  Ilya Dubnov, Security Research Team Lead, Argus Cyber Security, Israe