Skip to main content
SpringerLink
Log in

Technische Security-Bausteine

  • Chapter
  • First Online:
Automotive Cybersecurity

  • 2945 Accesses

Zusammenfassung

Ein mehrschichtiges Verteidigungskonzept besteht aus technischer Sicht aus einer Komposition mehrerer Security-Bausteine mit verschiedenen Schutz- und Verteidigungsmaßnahmen, die ihre Wirkung auf unterschiedlichen Architekturebenen des Gesamtsystems entfalten. In diesem Kapitel werden von der ECU als innerste Schicht bis zur Automotive-Infrastruktur als äußerste Schicht, die technischen Security-Bausteine für alle Ebenen der Fahrzeugarchitektur dargestellt und ausführlich beschrieben. Dabei wird sowohl auf die Schutzziele und Securityanforderungen der jeweiligen Funktionen eingegangen als auch auf konkrete Lösungsmöglichkeiten sowie Abhängigkeiten zu anderen Security-Bausteinen. Nach Möglichkeit wird auf existierende Standards und Best-Practices eingegangen, aber alternative Umsetzungen werden ebenso erörtert. Als Hauptgegenstand dieses Buchs zielt dieses Kapitel darauf ab, einen möglichst breiten und gleichermaßen tiefen Einblick in die technischen Security-Bausteine zu geben.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Beispielsweise könnte der blockierte Zugriff auf die (geheimen) SecOC-Schlüssel dazu führen, dass das Steuergerät keine authentisierten Botschaften mehr absenden kann. Das potenziell kompromittierte Steuergerät könnte zwar grundsätzlich mit den anderen Busteilnehmern kommunizieren, aufgrund des blockierten Schlüsselspeichers jedoch keine securityrelevanten Botschaften mehr versenden. Andere Busteilnehmer sind in der Lage, derartige Situation zu erkennen und ggf. zu reagieren.

  2. 2.

    Authenticated Boot: Auswertung und Reaktion der SecureBoot-Prüfung erfolgt erst beim nächsten Booten. So wäre eine Fehlersuche und -behebung möglich.

  3. 3.

    Der Schutz der Vertraulichkeit wird von SecOC nicht unterstützt.

  4. 4.

    PDU = Botschaft, I-PDU ist eine sog. Interaction-PDU (PDU auf höherer Ebene in der Autosar-Architektur).

  5. 5.

    ggf. auch indirekt, als Opfer eines Social Engineering-Angriffs.

Literatur

  1. Abadi, M., et al. (2009). Control-flow integrity principles, implementations, and applications. ACM Transactions on Information and System Security, 13(1), 1–40. https://doi.org/10.1145/1609956.1609960

    Article  Google Scholar 

  2. Abodunrin, D., et al. (2015). Some dangers from 2G networks legacy support and a possible mitigation. In 2015 IEEE Conference on Communications and Network Security (CNS). https://doi.org/10.1109/cns.2015.7346872.

  3. Alrabady, A. I. (2002). Security of passive access vehicle. Amsterdam University Press.

    Google Scholar 

  4. Alshamsi, A., & Saito, T. (2005). A technical comparison of IPSec and SSL. In 19th International Conference on Advanced Information Networking and Applications (AINA’05) Volume 1 (AINA papers). https://doi.org/10.1109/aina.2005.70.

  5. ARM Holding. (2011). ARM architecture reference manual ARMv7-A and ARMv7-R edition. Documentation – Arm Developer. https://developer.arm.com/documentation/ddi0406/c/. Zugriffsdatum 2021-06-01.

  6. AUTOSAR. (2017). SOME/IP protocol specification. https://www.autosar.org/fileadmin/user_upload/standards/foundation/1-1/AUTOSAR_PRS_SOMEIPProtocol.pdf. Zugriffsdatum 2021-06-01.

  7. Bißmeyer, N., et al. (2011). A generic public key infrastructure for securing car-to-x communication. 18th ITS World Congress, Orlando, USA, vol. 14.

    Google Scholar 

  8. Bißmeyer, N., et al. (2014). V2X security architecture v2. PRESERVE Project, Deliverable D 1.

    Google Scholar 

  9. Bogdanov, A. (2007). Attacks on the KeeLoq block cipher and authentication systems. 3rd Conference on RFID Security, vol. 2007.

    Google Scholar 

  10. Bokslag, W. (2017). An assessment of ECM authentication in modern vehicles. Eindhoven University of Technology.

    Google Scholar 

  11. Bono, S., et al. (2005). Security analysis of a cryptographically-enabled RFID device. USENIX Security Symposium, vol. 31.

    Google Scholar 

  12. Brom, T. (2020). On the CANT bus, no one can hear you scream. Almost There | RSA Conference. https://www.rsaconference.com/library/presentation/usa/2020/on-the-cant-bus-no-one-can-hear-you-scream. Zugriffsdatum 2021-06-01.

  13. Bundesamt für Sicherheit in der Informationstechnik. (2021). Kryptographische Verfahren: Empfehlungen und Schlüssellängen, Version 2021–01, BSI Technische Richtlinie TR-02102-1. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.html. Zugriffsdatum 2021-06-01.

  14. CAR 2 CAR Communication Consortium. (2018). Protection profile V2X hardware security module. www.car-2-car.org. https://www.car-2-car.org/fileadmin/documents/Basic_System_Profile/Release_1.3.0/C2CCC_PP_2056_HSM.pdf. Zugriffsdatum 2021-06-01.

  15. Carsten, P., et al. (2015). In-vehicle networks. In Proceedings of the 10th Annual Cyber and Information Security Research Conference. https://doi.org/10.1145/2746266.2746267.

  16. Checkoway, S., et al. (2011). Comprehensive experimental analyses of automotive attack. In Proceedings of the 20th USENIX conference on Security. USENIX Association.

    Google Scholar 

  17. Cho, K. T., & Shin, K. G. (2016). Fingerprinting electronic control units for vehicle intrusion detection. In Proceedings of the 25th USENIX Security Symposium.

    Google Scholar 

  18. Colombier, B., et al. (2019). Laser-induced single-bit faults in flash memory: Instructions corruption on a 32-bit microcontroller. In 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). https://doi.org/10.1109/hst.2019.8741030.

  19. Davi, L., et al. (2014). Hardware-assisted fine-grained control-flow integrity. In Proceedings of the The 51st Annual Design Automation Conference on Design Automation Conference – DAC ’14. https://doi.org/10.1145/2593069.2596656.

  20. Doll, S. (2021). Over-the-air updates: How does each EV automaker compare? Electrek. https://electrek.co/2021/07/06/over-the-air-updates-how-does-each-ev-automaker-compare/. Zugriffsdatum 2021-06-01.

  21. Dreyfus, E. (2014). TLS hardening. arXiv preprint arXiv:1407.2168. Zugriffsdatum 2021-06-01.

  22. Dworkin, M. J. (2016). Recommendation for block cipher modes of operation. In Special Publication (NIST SP) – 800–38B. https://doi.org/10.6028/nist.sp.800-38b.

  23. ECRYPT II. (2012). Yearly report on algorithms and key length. http://www.ecrypt.eu.org/. Zugriffsdatum 2021-06-01.

  24. Escherich, R., et al. (2009). SHE–Secure Hardware Extension–Functional specification version 1.1. Hersteller Initiative Software (HIS) AK Security.

    Google Scholar 

  25. ETSI. (2009). ETSI TR 102 638 (V1.1.1) – Vehicular communications; basic set of applications. http://www.etsi.org/deliver/etsi_tr/102600_102699/102638/01.01.01_60/tr_102638v010101p.pdf. Zugriffsdatum 2021-06-01.

  26. ETSI. (2010a). ETSI EN. “302 665 v1. 1.1: Intelligent Transport Systems (ITS), communications architecture”.

    Google Scholar 

  27. ETSI. (2010b). ETSI TR 102 893,“ITS; Security; Threat, Vulnerability and Risk Analysis (TVRA)”.

    Google Scholar 

  28. ETSI. (2010c). ETSI TS 102 731 (V1.1.1) – Security services and architecture. http://www.etsi.org/deliver/etsi_ts/102700_102799/102731/01.01.01_60/ts_102731v010101p.pdf. Zugriffsdatum 2021-06-01.

  29. ETSI. (2012a). ETSI TS 102 867 (V1.1.1) – Stage 3 mapping for IEEE 1609.2. http://www.etsi.org/deliver/etsi_ts/102900_102999/102940/01.01.01_60/ts_102940v010101p.pdf. Zugriffsdatum 2021-06-01.

  30. ETSI. (2012b). ETSI TS 102 940 (V1.1.1) – ITS communications security architecture and security management. http://www.etsi.org/deliver/etsi_ts/102900_102999/102940/01.01.01_60/ts_102940v010101p.pdf. Zugriffsdatum 2021-06-01.

  31. ETSI. (2012c). ETSI TS 102 941 (V1.1.1) – Trust and privacy management. http://www.etsi.org/deliver/etsi_ts/102900_102999/102941/01.01.01_60/ts_102941v010101p.pdf. Zugriffsdatum 2021-06-01.

  32. ETSI. (2012d). ETSI TS 102 942 (V1.1.1) – Access control. http://www.etsi.org/deliver/etsi_ts/102900_102999/102942/01.01.01_60/ts_102942v010101p.pdf. Zugriffsdatum 2021-06-01.

  33. ETSI. (2012e). ETSI TS 102 943 (V1.1.1) – Confidentiality services. http://www.etsi.org/deliver/etsi_ts/102900_102999/102943/01.01.01_60/ts_102943v010101p.pdf. Zugriffsdatum 2021-06-01.

  34. ETSI. (2014a). ETSI EN 302 636 V1.2.1: Intelligent Transport Systems (ITS); vehicular communications; GeoNetworking; Part 1: Requirements.

    Google Scholar 

  35. ETSI. (2014b). ETSI EN 302 637–2 – Intelligent Transport Systems (ITS); vehicular communications; basic set of applications; Part 2: Specification of cooperative awareness basic service.

    Google Scholar 

  36. ETSI. (2014c). ETSI EN 302 637–3 V1.2.2 – Intelligent Transport Systems (ITS); vehicular communications; basic set of applications; Part 3: Specifications of decentralized environmental notification basic service.

    Google Scholar 

  37. ETSI. (2017). ETSI TS 103 097 (V1.1.1) – Security header and certificate formats. http://www.etsi.org/deliver/etsi_ts/103000_103099/103097/01.02.01_60/ts_103097v010201p.pdf. Zugriffsdatum 2021-06-01.

  38. Europäische Kommission. (1995). Commission Directive 95/56/EC, Euratom of 8 November 1995 adapting to technical progress Council Directive 74/61/EEC relating to devices to prevent the unauthorized use of motor vehicles. EUR-Lex – 31995L0056 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/dir/1995/56/oj. Zugriffsdatum 2021-06-01.

  39. Europäische Kommission. (2009). M/453 standardisation mandate addressed to Cen, Cenelec and ETSI in the field of information and communication technologies to support the interoperability of co-operative systems for intelligent transport in the european community. https://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=434. Zugriffsdatum 2021-06-01.

  40. Europäische Kommission. (2016). C-ITS platform-final report. C-ITS Platform. https://ec.europa.eu/transport/sites/default/files/themes/its/doc/c-its-platform-final-report-january-2016.pdf. Zugriffsdatum 2021-06-01.

  41. Europäische Kommission. (2017). Certificate policy for deployment and operation of European Cooperative Intelligent Transport Systems (C-ITS). C-ITS Plattform.

    Google Scholar 

  42. Europäische Union. (2016). Verordnung (EU) 2016/679 des europäischen Parlaments und des Rates zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten, zum freien Datenverkehr und zur Aufhebung der Richtlinie 95/46/EG (Datenschutz-Grundverordnung DSGVO). EUR-Lex – 32016R0679 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/reg/2016/679/oj. Zugriffsdatum 2021-06-01.

  43. Europäische Union. (2018). Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. EUR-Lex – 32010L0040 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/dir/2010/40/oj. Zugriffsdatum 2021-06-01.

  44. Europäische Union. (2020). Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications | European Data Protection Board. https://edpb.europa.eu/our-work-tools/documents/public-consultations/2020/guidelines-12020-processing-personal-data_de. Zugriffsdatum 2021-06-01.

  45. Fernandes, B., et al. (2018). Implementation and analysis of IEEE and ETSI security standards for vehicular communications. Mobile Networks and Applications, 23(3), 469–478. https://doi.org/10.1007/s11036-018-1019-x

    Article  Google Scholar 

  46. Foster, I., et al. (2015). Fast and vulnerable: A story of telematic failures | USENIX. USENIX. https://www.usenix.org/conference/woot15/workshop-program/presentation/foster. Zugriffsdatum 2021-06-01.

  47. Francillon, A., et al. (2011). Relay attacks on passive keyless entry and start systems in modern cars. Department of Computer Science ETH Zurich.

    Google Scholar 

  48. Fraunhofer SIT. (2018). Eberbacher Gespräch: Next Generation Crypto. https://www.sit.fraunhofer.de/en/news-events/landingpages/eberbacher-gespraech-next-generation-crypto/. Zugriffsdatum 2021-06-01.

  49. Ghosal, A., & Conti, M. (2020). Security issues and challenges in V2X: A survey. Computer Networks, 169, 107093. https://doi.org/10.1016/j.comnet.2019.107093

    Article  Google Scholar 

  50. Groza, B., et al. (2012). LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks. In Cryptology and Network Security (S. 185–200). https://doi.org/10.1007/978-3-642-35404-5_15.

  51. Gupta, A. (2019). The IoT hacker’s handbook. Apress.

    Book  Google Scholar 

  52. Hamida, E., et al. (2015). Security of cooperative intelligent transport systems: Standards, threats analysis and cryptographic countermeasures. Electronics, 4(3), 380–423. https://doi.org/10.3390/electronics4030380

    Article  Google Scholar 

  53. Han, K., et al. (2014). Automotive cybersecurity for in-vehicle communication. IQT.

    Google Scholar 

  54. Hazem, A., & Fahmy, H. A. H. (2012). LCAP – A Lightweight CAN Authentication Protocol for securing in-vehicle networks. ESCAR EUROPE.

    Google Scholar 

  55. Hedderich, J., & Sachs, L. (2021). Angewandte Statistik: Methodensammlung mit R (17., überarb. U. erg. Aufl. 2020 Aufl.). Springer Spektrum.

    Google Scholar 

  56. Hoppe, T., et al. (2009). Applying intrusion detection to automotive IT – Early insights and remaining challenges. Journal of Information Assurance and Security (JIAS), 4(6), 226–235.

    Google Scholar 

  57. Hu, Q., & Luo, F. (2018). Review of secure communication approaches for in-vehicle network. International Journal of Automotive Technology, 19(5), 879–894. https://doi.org/10.1007/s12239-018-0085-1

    Article  Google Scholar 

  58. Humayed, A., et al. (2020). CANSentry: Securing CAN-based cyber-physical systems against denial and spoofing attacks. Computer Security – ESORICS 2020, 12308, 153–173. https://doi.org/10.1007/978-3-030-58951-6_8

    Article  Google Scholar 

  59. ISO. (2002). ISO/IEC 7498–1:1994(en), Information technology — Open systems interconnection — Basic reference model: The basic model — Part 1. ISO/IEC JTC 1.

    Google Scholar 

  60. ISO. (2009). ISO 13400 Road vehicles – Diagnostic communication between test equipment and vehicles over Internet Protocol (DoIP).

    Google Scholar 

  61. ISO. (2015). ISO 15031-5:2015: Road vehicles – Communication between vehicle and external equipment for emissions-related diagnostics – Part 5: Emissions-related diagnostic services. ISO/TC 22/SC 31.

    Google Scholar 

  62. ISO. (2020). ISO 14229–1: 2020 Road vehicles – Unified Diagnostic services (UDS) – Part 1: Specification and requirements.

    Google Scholar 

  63. Jager, T., et al. (2013). One bad apple: Backwards compatibility attacks on state-of-the-art cryptography. NDSS.

    Google Scholar 

  64. Jithin, R., & Chandran, P. (2014). Virtual machine isolation. Communications in Computer and Information Science. https://doi.org/10.1007/978-3-642-54525-2_8

    Article  Google Scholar 

  65. Johanson, M., et al. (2011). Remote vehicle diagnostics over the internet using the DoIP Protocol. In ICSNC 2011.

    Google Scholar 

  66. Karthik, T., et al. (2016). Uptane: Securing software updates for automobiles. In International Conference on Embedded Security in Car.

    Google Scholar 

  67. Kasper, T. (2013). RUB-Repository – Security analysis of pervasive wireless devices. Ruhr-Unibochum.De. https://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/docId/1415. Zugriffsdatum 2021-06-01.

  68. Kent, S., & Seo, K. (2005). Security architecture for the internet protocol. In RFC. https://doi.org/10.17487/rfc4301.

  69. Khraisat, A., et al. (2019). Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity, 2(1), 1–22. https://doi.org/10.1186/s42400-019-0038-7

    Article  Google Scholar 

  70. Kumar, G. (2014). Evaluation metrics for intrusion detection systems – A study. International Journal of Computer Science and Mobile Applications, 2(11), 11–17.

    Google Scholar 

  71. Lapid, B., & Wool, A. (2019). Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. Selected Areas in Cryptography – SAC 2018, 11349, 235–256. https://doi.org/10.1007/978-3-030-10970-7_11

    Article  MathSciNet  MATH  Google Scholar 

  72. Lemke, K., et al. (2005). Embedded security in cars: Securing current and future automotive IT applications (2006. Aufl.). Springer.

    Google Scholar 

  73. Liebchen, C. (2018). Advancing memory-corruption attacks and defenses. Technische Universität.

    Google Scholar 

  74. Lokman, S. F., et al. (2019). Intrusion detection system for automotive Controller Area Network (CAN) bus system: A review. EURASIP Journal on Wireless Communications and Networking. https://doi.org/10.1186/s13638-019-1484-3

    Article  Google Scholar 

  75. Martens, B., & Mueller-Langer, F. (2018). Access to digital car data and competition in aftersales services. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3262807

    Article  Google Scholar 

  76. Mazloom, S., et al. (2016). A security analysis of an in vehicle infotainment and app platform. 10th USENIX Workshop on Offensive Technologies, WOOT 2016.

    Google Scholar 

  77. McCarthy, M., et al. (2017). Access to in-vehicle data and resources. Europäische Kommission – Directorate-General for Mobility and Transport. https://ec.europa.eu/transport/sites/default/files/2017-05-access-to-in-vehicle-data-and-resources.pdf. Zugriffsdatum 2021-06-01.

  78. Miller, I. (2001). Protection against a variant of the tiny fragment attack (RFC 1858). In RFC. https://doi.org/10.17487/rfc3128.

  79. Miller, C., & Valasek, C. (2013). Adventures in automotive networks and control units.

    Google Scholar 

  80. Miller, C., & Valasek, C. (2015). Remote exploitation of an unaltered passenger vehicle. Black Hat USA.

    Google Scholar 

  81. Moriarty, K., et al. (2016). PKCS #1: RSA cryptography specifications version 2.2. In IETF RFC 8017. https://doi.org/10.17487/rfc8017.

  82. Mousa, A. R., et al. (2016). Lightweight authentication protocol deployment over FlexRay. In Proceedings of the 10th International Conference on Informatics and Systems – INFOS ’16. https://doi.org/10.1145/2908446.2908485.

  83. Müller, K. (2018). IT-Sicherheit mit System: Integratives IT-Sicherheits-, Kontinuitäts- und Risikomanagement – Sichere Anwendungen – Standards und Practices (6., erw. U. überarb. Aufl. 2018 Aufl.). Springer.

    Book  Google Scholar 

  84. Nasahl, P., & Timmers, N. (2019). Attacking AUTOSAR using software and hardware attacks. ESCAR USA.

    Google Scholar 

  85. National Highway Traffic Safety Administration (NHTSA). (2016). Cybersecurity best practices for modern vehicles. US Department of Transportation. https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf. Zugriffsdatum 2021-06-01.

  86. Nie, S., et al. (2017). Free-fall: Hacking tesla from wireless to can bus. DEFCON. https://www.blackhat.com/docs/us-17/thursday/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf. Zugriffsdatum 2021-06-01.

  87. Paar, C., et al. (2009). Understanding cryptography: A textbook for students and practitioners (1. Aufl.). Springer.

    MATH  Google Scholar 

  88. Pareja, R. (2018). Fault injection on automotive diagnostic protocols. ESCAR USA.

    Google Scholar 

  89. Prove & Run. (2018). Proven security for the internet of things. https://www.provenrun.com/about/proven-security-for-the-iot/. Zugriffsdatum 2021-06-01.

  90. Regenscheid, A. (2018). Platform firmware resiliency guidelines. In Platform Firmware Resiliency Guidelines. https://doi.org/10.6028/nist.sp.800-193.

  91. Rescorla, E. (2018). The Transport Layer Security (TLS) protocol version 1.3. In IETF RFC 8446. https://doi.org/10.17487/rfc8446.

  92. Rescorla, E., & Modadugu, N. (2012). Datagram transport layer security version 1.2. In RFC. https://doi.org/10.17487/rfc6347.

  93. Riggs, H., et al. (2020). Survey of solid state drives, characteristics, technology, and applications. In 2020 SoutheastCon. https://doi.org/10.1109/southeastcon44009.2020.9249760.

  94. Robert Bosch GmbH, Reif, K., & Dietsche, K. (2018). Kraftfahrtechnisches Taschenbuch (29., überarb. u. erw. Aufl. 2019 Aufl.). Springer Vieweg.

    Google Scholar 

  95. Ruddle, A., et al. (2008). Security requirements for automotive on-board networks based on dark-side scenarios (EVITA Deliverable 2.3). European Commission: EVITA – E-safety Vehicle Intrusion proTected Applications (224275).

    Google Scholar 

  96. Rupprecht, D., et al. (2018). On security research towards future mobile network generations. IEEE Communications Surveys & Tutorials, 20(3), 2518–2542. https://doi.org/10.1109/comst.2018.2820728

    Article  Google Scholar 

  97. Sabt, M., et al. (2015). Trusted execution environment: What It is, and What It is Not. In 2015 IEEE Trustcom/BigDataSE/ISPA. https://doi.org/10.1109/trustcom.2015.357.

  98. Sagong, S. U., et al. (2018). Exploring attack surfaces of voltage-based intrusion detection systems in controller area networks. ESCAR Europe.

    Google Scholar 

  99. Scarfone, K. A., & Mell, P. M. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). In Recommendations of the National Institute of Standards and Technology. https://doi.org/10.6028/nist.sp.800-94.

  100. Shanmugam, K. (2019). Securing inter-processor communication in automotive ECUs. In SAE Technical Paper Series. https://doi.org/10.4271/2019-26-0363.

  101. Stigge, M., et al. (2006). Reversing CRC – Theory and practice. HU Berlin.

    Google Scholar 

  102. TCG. (2019). TCG Runtime Integrity Preservation in Mobile Devices – Family “2.0” Level 00 Revision 106. trustedcomputinggroup.org. https://trustedcomputinggroup.org/wp-content/uploads/TCG_MPWG_RIP_r106_published.pdf. Zugriffsdatum 2021-06-01.

  103. TCG EFI Platform Specification For TPM Family 1.1 or 1.2 Specification Version 1.22 Revision 15. (2014). Trusted computing group. https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/. Zugriffsdatum 2021-06-01.

  104. TCG TPM 2.0 Automotive Thin Profile For TPM Family 2.0; Level 0. (2019). Trusted computing group. https://trustedcomputinggroup.org/resource/tcg-tpm-2-0-library-profile-for-automotive-thin/. Zugriffsdatum 2021-06-01.

  105. Tencent Technology Co. (2018). Experimental security assessment of BMW cars: A summary report. https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf. Zugriffsdatum 2021-06-01.

  106. UNECE. (2021). UN Regulation No. 156 – Software update and software update management system | UNECE. UNECE.ORG. https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156-software-update-and-software-update. Zugriffsdatum 2021-06-01.

  107. van den Herrewegen, J., & Garcia, F. D. (2018). Beneath the bonnet: A breakdown of diagnostic security. Computer Security. https://doi.org/10.1007/978-3-319-99073-6_15

    Article  Google Scholar 

  108. van Herrewege, A., et al. (2011). CANAuth – A simple, backward compatible broadcast authentication protocol for CAN bus. ECRYPT Workshop on Lightweight Cryptography.

    Google Scholar 

  109. van Ours, J. C., & Vollaard, B. (2015). The engine immobiliser: A non-starter for car thieves. The Economic Journal, 126(593), 1264–1291. https://doi.org/10.1111/ecoj.12196

    Article  Google Scholar 

  110. Vasudevan, A., et al. (2012). Trustworthy execution on mobile devices: What security properties can my mobile platform give me? Trust and Trustworthy Computing. https://doi.org/10.1007/978-3-642-30921-2_10

    Article  Google Scholar 

  111. Verdult, R., et al. (2012). Gone in 360 seconds: Hijacking with Hitag2. 21st USENIX Security Symposium.

    Google Scholar 

  112. Verdult, R., et al. (2015). Dismantling megamos crypto: Wirelessly lockpicking a vehicle immobilizer. Supplement to the 22nd USENIX Security Symposium.

    Google Scholar 

  113. Verendel, V., et al. (2008). An approach to using honeypots in in-vehicle networks. In 2008 IEEE 68th Vehicular Technology Conference. https://doi.org/10.1109/vetecf.2008.260.

  114. Wallentowitz, H., & Reif, K. (2010). Handbuch Kraftfahrzeugelektronik: Grundlagen - Komponenten – Systeme - Anwendungen (ATZ/MTZ-Fachbuch) (2., verb. u. akt. Aufl. 2011 Aufl.). Vieweg + Teubner.

    Google Scholar 

  115. Watkins, M., & Wallace, K. (2008). CCNA security official exam certification guide (Exam 640–553). Amsterdam University Press.

    Google Scholar 

  116. Weyl, B., et al. (2010). Secure on-board architecture specification. Technical report deliverable D3.2. EVITA Project. https://evita-project.org/deliverables.html. Zugriffsdatum 2021-06-01.

  117. Wolf, M. (2009). Security engineering for vehicular IT systems. Springer Vieweg.

    Book  Google Scholar 

  118. Wolf, M., et al. (2004). Security in automotive bus systems. In Proceeding of the Workshop on Embedded IT-Security in Cars.

    Google Scholar 

  119. Woo, S., et al. (2014). A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Transactions on Intelligent Transportation Systems. https://doi.org/10.1109/tits.2014.2351612

    Article  Google Scholar 

  120. Wouters, L., et al. (2020). Dismantling DST80-based immobiliser systems. IACR Transactions on Cryptographic Hardware and Embedded Systems. https://doi.org/10.46586/tches.v2020.i2.99-127

    Article  Google Scholar 

  121. Yadav, A., et al. (2016). Security, vulnerability and protection of vehicular on-board diagnostics. International Journal of Security and Its Applications, 10(4), 405–422. https://doi.org/10.14257/ijsia.2016.10.4.36

    Article  Google Scholar 

  122. Yan, Z., et al. (2020). IEEE access special section editorial: Trusted computing. IEEE Access, 8, 25722–25726. https://doi.org/10.1109/access.2020.2969768

    Article  Google Scholar 

  123. Zimmermann, W., & Schmidgall, R. (2014). Bussysteme in der Fahrzeugtechnik: Protokolle, Standards und Softwarearchitektur (ATZ/MTZ-Fachbuch) (5., aktualisierte und erw. Aufl. 2014 Aufl.). Springer Vieweg.

    Book  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ZF Friedrichshafen AG, Graf-von-Soden-Platz 1, Friedrichshafen, Deutschland

    Manuel Wurm

Authors
  1. Manuel Wurm
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Manuel Wurm .

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Der/die Autor(en), exklusiv lizenziert durch Springer-Verlag GmbH, DE, ein Teil von Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Wurm, M. (2022). Technische Security-Bausteine. In: Automotive Cybersecurity. Springer Vieweg, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64228-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-64228-3_5

  • Published:

  • Publisher Name: Springer Vieweg, Berlin, Heidelberg

  • Print ISBN: 978-3-662-64227-6

  • Online ISBN: 978-3-662-64228-3

  • eBook Packages: Computer Science and Engineering (German Language)

Publish with us

Policies and ethics

Search

Navigation