2. VDI Conference - IT Security for Vehicles

Registration & welcome coffee

Opening Speech ConCarExpo at the ConCar Forum Stage
The new Era of the Automotive Industry – Digital Revolution and
fully Automated Driving

• Changes in the automotive industry over the next years
• The way to fully automated driving
• Common challenges for the automotive, CE and IT industry

Dipl.-Inf. Elmar Frickenstein, Senior Vice President Electrics/Electronics
and Driver Environment, BMW Group, Munich, Germany

Chair´s welcome and opening address

Dr.-Ing. H. Gregor Molter, Head of Automotive Security and Privacy
Research, Continental AG, Frankfurt, Germany

ISO Standardization of Automotive Security Engineering (tbd)

• Goals of the Standardization Initiative
• Scope and provisional structure
• Challenges and options

Dr. Gido Scharfenberger-Fabian, Development Engineer, Research &
Development, Carmeq GmbH, Berlin, Germany

Secure SOTA – A Comprehensive Cyber Security Framework

Dr. André Weimerskirch, Associate Research Scientist, Mobility
Transformation Center (MTC), Transportation Research Institute (UMTRI),
University of Michigan, Ann Arbor, MI USA

OTA Updates – Lessons Learned

Roger Ordman, Director, Marketing, HARMAN International, Tel Aviv,
Israel, co-author: Rudolf von Stokar, HARMAN, Redbend, Munich, Germany

The Commercial Impact of OTA

Dipl. Inform. (FH) Jürgen Daunis, Sales Director Automotive, Ericsson
GmbH, Dusseldorf, Germany

Panel Discussion: Demystifying Software
Updates – Myth, Fact, and Lessons in Success

Moderator: Beau Woods, Cyber Safety Advocate,
I Am The Cavalry, Atlanta, Georgia, USA

Panelists: Dr. André Weimerskirch, Roger Ordman,
Dipl. Inform. (FH) Jürgen Daunis

Lunch & visit of the accompanying trade exhibition ConCarExpo

Security of Connected Cars from
a Hacker´s Perspective

• Think like a hacker
• Attack vectors in connected cars and attacker methodologies
• Common vulnerabilities we have seen
• Defenses and looking into the future

Corey Thuen, Senior Security Consultant, Hackers, IOActive, Seattle, WA, USA

New Directions of Hardware Based Cryptographic Modules
for Modern Cars

• Changes in the world of cryptography for cars
• Ideas for freely available Hardware Security Modules (HSMs)
• Open source/open hardware

Prof. Dr. Steffen Reith, Professor, Institute Theoretical Computer Sciences,
Hochschule Rhein Main, Wiesbaden, Germany

Hardware Security Modules in Automotive Software Projects

• Technical basics
• HSMs as a secured environment
• Software concepts and performance considerations

André Himmighofen, M.Sc., Project Manager, Software Development,
Easycore GmbH, Erlangen, Germany

Networking & coffee break

TPM 2.0 for Securing Automotive Electronic Control Units

• Requirements for hardware-security-modules and software-stacks for
  securing vehicles
• Addressing these requirements with TPM 2.0 and TPM software stack
• Functional profiles and implementation choices
• Example use cases: Remote firmware up-date, piracy- and privacy-protection

Prof. Dr. Christoph Krauß, Head of Department Cyberphysical Systems
Security, Fraunhofer Institute for Secure Information Technology SIT,
Darmstadt, Germany

Automotive Security – An Update on Standardization
in AUTOSAR

• New market trends forcing the automotive industry to progressively
  consider security aspects in their products
• Motivation for standardization
• Overview on supported security features and functions in the standard
• Outlook to future security activities in AUTOSAR

Dipl.-Ing. Adrian Baruta, Senior Control Engineer, Vehicle Control Group
Electronics Engineering, Toyota Motor Europe, Zaventem, Belgium

Privacy Preservation in Driverless Cars

• Demand for privacy and driverless complications
• Potential solutions to complicated demand
• Example on privacy preserving systems
• Future Outlook

Davi Ottenheimer M.Sc., President, flyingpenguin, San Francisco,
California, USA

Chair´s remarks

End of conference day one and Get-together

At the end of the first conference day we kindly invite you to use the
relaxed and informal atmosphere for in-depth conversations with
other participants and Speakers.

Privacy and Data Protection

• Legal up-date on privacy and data protection issues
• How will the EU Commission promote a European data economy
• Data-related business aspects for connected cars and automated driving

Dr. Florent Frederix, Principal Administrator, Trust and Security Unit,
Directorate-General for Communications Networks, Content and Technology,
European Commission, Brussels, Belgium

Ring Signatures and Anonymous Credentials aimed to
Privacy Preserving Authentication in Car2X Communication

• Anonymous credential systems
• Application-specific authorization tickets
• Vehicular ad-hoc networks and ring signatures
• Anonymous Car2X communication protocol:
  Experimental validation results

Prof. Dr.-Ing. Sorin Alexander Huss, Professor Computer Science i.R.,
TU Darmstadt, co-author: Dipl.-Inform. Carsten Büttner, Adam Opel AG,
Rüsselsheim, Germany

Networking & coffee break

Secure Integration and Operation of a Vehicle
Communication Gateway

• Attacks on connected vehicles
• Intrusion detection and intrusion response mechanisms
• Trusted software and secure over-the-air updates
• Secure in-vehicle communication

Dr.-Ing. Norbert Bißmeyer, Security Engineer, Research and Development,
ESCRYPT GmbH, Bochum, Germany

Wireless Link – The weakest Link in the Chain?

• What are out-of-bound attacks?
• The challenge to connected car security
• Security life cycle and the role of detection
• Wireless intrusion – detection and mitigation

Yuval Weissglas, Co-Founder & CTO, TowerSec, Ann Arbor, Michigan, USA

Lunch & visit of the accompanying trade exhibition ConCarExpo

Anonymity and Security in a Scalable Cloud Environment

• Service to ensure anonymity
• New Services that demand to know the driver
• The effect of DevOps on software quality and security
• Securing the clout IT campus

Dipl.-Ing. (FH) Thomas Fleischmann, Head of Department, Connected Car,
Elektrobit Automotive GmbH, Erlangen, Germany

Cloud as an Enabler for Elasticity in Telematics Services –
Comes with Challenges from the Cyber Security Perspective

• Monitoring
• Identity and Access Management (IAM)
• Legal issues: Compliance, data protection and SLAs
• Incident response and forensics
• Auditing

Jonas Halldin, Information Security Architect, co-author: Ola Dawidson,
Ph.D., M.Sc., Volvo Group Telematics, Gothenburg, Sweden

Networking & coffee break

Applying Lessons Learned in Cyber Security to Vehicles

• Cyber security
• Attacks and countermeasures
• Risk mitigation

Marc Hammond, Senior Manager, IOE Security Services, Cisco, Chicago, IL, USA

Automotive Cyber Security Testing and Validation

• Security testing and validation as part of the automotive
  cyber security lifecycle
• How is security test different from other kinds of testing?
• What testing activities are appropriate?
• Security validation and assurance

Paul Wooderson, Senior Functional Safety/Cyber Security Engineer, Systems
and Safety, HORIBA MIRA Ltd., Warwickshire, United Kingdom

Future Automotive Security

• Authentication and authorization with convenience:
  From NFC to biometrics
• Real end-to-end view on integrated safety & security
• Cyber security within the vehicle

Dipl.-Oek. Mark Großer, Managing Consultant – Leader Risk, Security &
Compliance, Cluster Industry, Detecon International GmbH, Germany
Ari Teman, CEO, Friend or Fraud, USA

Chair´s closing remarks

End of conference