Summary
The growing complexity of in-vehicle electronic systems and their connectivity with the outside world increase the risk of vehicles becoming targets of cyberattacks. Automotive cybersecurity identifies these risks and introduces methods and measures to reduce them. This chapter introduces the basic terminology and the cryptographic fundamentals. It also discusses the significance and benefits of cybersecurity for the automotive domain and highlights the biggest challenges.
Notes
- 1. For simplicity and for demonstration purposes, the alphabets of the plaintext and ciphertext spaces, and thus also the key space, are restricted to the 26 uppercase Latin letters.
- 2. Each of the n participants initially needs n-1 keys. For symmetric schemes, however, the same key is required on both sides, hence the factor 0.5.
- 3. Certain requirements are placed on the number g; see the mathematical foundations.
- 4. To achieve the highest level of security, the certificate chain should be verified up to the root CA of the PKI.
Copyright information
© 2022 The author(s), exclusively licensed to Springer-Verlag GmbH, DE, part of Springer Nature
About this chapter
Cite this chapter
Wurm, M. (2022). Grundlagen. In: Automotive Cybersecurity. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64228-3_1
DOI: https://doi.org/10.1007/978-3-662-64228-3_1
Publisher Name: Springer Vieweg, Berlin, Heidelberg
Print ISBN: 978-3-662-64227-6
Online ISBN: 978-3-662-64228-3
eBook Packages: Computer Science and Engineering (German Language)