Top

Published in:

2022 | OriginalPaper | Chapter

5. Technische Security-Bausteine

Author : Manuel Wurm

Published in: Automotive Cybersecurity

Publisher: Springer Berlin Heidelberg

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Zusammenfassung

Ein mehrschichtiges Verteidigungskonzept besteht aus technischer Sicht aus einer Komposition mehrerer Security-Bausteine mit verschiedenen Schutz- und Verteidigungsmaßnahmen, die ihre Wirkung auf unterschiedlichen Architekturebenen des Gesamtsystems entfalten. In diesem Kapitel werden von der ECU als innerste Schicht bis zur Automotive-Infrastruktur als äußerste Schicht, die technischen Security-Bausteine für alle Ebenen der Fahrzeugarchitektur dargestellt und ausführlich beschrieben. Dabei wird sowohl auf die Schutzziele und Securityanforderungen der jeweiligen Funktionen eingegangen als auch auf konkrete Lösungsmöglichkeiten sowie Abhängigkeiten zu anderen Security-Bausteinen. Nach Möglichkeit wird auf existierende Standards und Best-Practices eingegangen, aber alternative Umsetzungen werden ebenso erörtert. Als Hauptgegenstand dieses Buchs zielt dieses Kapitel darauf ab, einen möglichst breiten und gleichermaßen tiefen Einblick in die technischen Security-Bausteine zu geben.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Secure Product Lifecycle

Beispielsweise könnte der blockierte Zugriff auf die (geheimen) SecOC-Schlüssel dazu führen, dass das Steuergerät keine authentisierten Botschaften mehr absenden kann. Das potenziell kompromittierte Steuergerät könnte zwar grundsätzlich mit den anderen Busteilnehmern kommunizieren, aufgrund des blockierten Schlüsselspeichers jedoch keine securityrelevanten Botschaften mehr versenden. Andere Busteilnehmer sind in der Lage, derartige Situation zu erkennen und ggf. zu reagieren.

Authenticated Boot: Auswertung und Reaktion der SecureBoot-Prüfung erfolgt erst beim nächsten Booten. So wäre eine Fehlersuche und -behebung möglich.

Der Schutz der Vertraulichkeit wird von SecOC nicht unterstützt.

PDU = Botschaft, I-PDU ist eine sog. Interaction-PDU (PDU auf höherer Ebene in der Autosar-Architektur).

ggf. auch indirekt, als Opfer eines Social Engineering-Angriffs.

Abadi, M., et al. (2009). Control-flow integrity principles, implementations, and applications. ACM Transactions on Information and System Security, 13(1), 1–40. https://doi.org/10.1145/1609956.1609960CrossRef

Abodunrin, D., et al. (2015). Some dangers from 2G networks legacy support and a possible mitigation. In 2015 IEEE Conference on Communications and Network Security (CNS). https://doi.org/10.1109/cns.2015.7346872.

Alrabady, A. I. (2002). Security of passive access vehicle. Amsterdam University Press.

Alshamsi, A., & Saito, T. (2005). A technical comparison of IPSec and SSL. In 19th International Conference on Advanced Information Networking and Applications (AINA’05) Volume 1 (AINA papers). https://doi.org/10.1109/aina.2005.70.

ARM Holding. (2011). ARM architecture reference manual ARMv7-A and ARMv7-R edition. Documentation – Arm Developer. https://developer.arm.com/documentation/ddi0406/c/. Zugriffsdatum 2021-06-01.

AUTOSAR. (2017). SOME/IP protocol specification. https://www.autosar.org/fileadmin/user_upload/standards/foundation/1-1/AUTOSAR_PRS_SOMEIPProtocol.pdf. Zugriffsdatum 2021-06-01.

Bißmeyer, N., et al. (2011). A generic public key infrastructure for securing car-to-x communication. 18th ITS World Congress, Orlando, USA, vol. 14.

Bißmeyer, N., et al. (2014). V2X security architecture v2. PRESERVE Project, Deliverable D 1.

Bogdanov, A. (2007). Attacks on the KeeLoq block cipher and authentication systems. 3rd Conference on RFID Security, vol. 2007.

10.

Bokslag, W. (2017). An assessment of ECM authentication in modern vehicles. Eindhoven University of Technology.

11.

Bono, S., et al. (2005). Security analysis of a cryptographically-enabled RFID device. USENIX Security Symposium, vol. 31.

12.

Brom, T. (2020). On the CANT bus, no one can hear you scream. Almost There | RSA Conference. https://www.rsaconference.com/library/presentation/usa/2020/on-the-cant-bus-no-one-can-hear-you-scream. Zugriffsdatum 2021-06-01.

13.

Bundesamt für Sicherheit in der Informationstechnik. (2021). Kryptographische Verfahren: Empfehlungen und Schlüssellängen, Version 2021–01, BSI Technische Richtlinie TR-02102-1. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.html. Zugriffsdatum 2021-06-01.

14.

CAR 2 CAR Communication Consortium. (2018). Protection profile V2X hardware security module. www.car-2-car.org. https://www.car-2-car.org/fileadmin/documents/Basic_System_Profile/Release_1.3.0/C2CCC_PP_2056_HSM.pdf. Zugriffsdatum 2021-06-01.

15.

Carsten, P., et al. (2015). In-vehicle networks. In Proceedings of the 10th Annual Cyber and Information Security Research Conference. https://doi.org/10.1145/2746266.2746267.

16.

Checkoway, S., et al. (2011). Comprehensive experimental analyses of automotive attack. In Proceedings of the 20th USENIX conference on Security. USENIX Association.

17.

Cho, K. T., & Shin, K. G. (2016). Fingerprinting electronic control units for vehicle intrusion detection. In Proceedings of the 25th USENIX Security Symposium.

18.

Colombier, B., et al. (2019). Laser-induced single-bit faults in flash memory: Instructions corruption on a 32-bit microcontroller. In 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). https://doi.org/10.1109/hst.2019.8741030.

19.

Davi, L., et al. (2014). Hardware-assisted fine-grained control-flow integrity. In Proceedings of the The 51st Annual Design Automation Conference on Design Automation Conference – DAC ’14. https://doi.org/10.1145/2593069.2596656.

20.

Doll, S. (2021). Over-the-air updates: How does each EV automaker compare? Electrek. https://electrek.co/2021/07/06/over-the-air-updates-how-does-each-ev-automaker-compare/. Zugriffsdatum 2021-06-01.

21.

Dreyfus, E. (2014). TLS hardening. arXiv preprint arXiv:1407.2168. Zugriffsdatum 2021-06-01.

22.

Dworkin, M. J. (2016). Recommendation for block cipher modes of operation. In Special Publication (NIST SP) – 800–38B. https://doi.org/10.6028/nist.sp.800-38b.

23.

ECRYPT II. (2012). Yearly report on algorithms and key length. http://www.ecrypt.eu.org/. Zugriffsdatum 2021-06-01.

24.

Escherich, R., et al. (2009). SHE–Secure Hardware Extension–Functional specification version 1.1. Hersteller Initiative Software (HIS) AK Security.

25.

ETSI. (2009). ETSI TR 102 638 (V1.1.1) – Vehicular communications; basic set of applications. http://www.etsi.org/deliver/etsi_tr/102600_102699/102638/01.01.01_60/tr_102638v010101p.pdf. Zugriffsdatum 2021-06-01.

26.

ETSI. (2010a). ETSI EN. “302 665 v1. 1.1: Intelligent Transport Systems (ITS), communications architecture”.

27.

ETSI. (2010b). ETSI TR 102 893,“ITS; Security; Threat, Vulnerability and Risk Analysis (TVRA)”.

28.

ETSI. (2010c). ETSI TS 102 731 (V1.1.1) – Security services and architecture. http://www.etsi.org/deliver/etsi_ts/102700_102799/102731/01.01.01_60/ts_102731v010101p.pdf. Zugriffsdatum 2021-06-01.

29.

ETSI. (2012a). ETSI TS 102 867 (V1.1.1) – Stage 3 mapping for IEEE 1609.2. http://www.etsi.org/deliver/etsi_ts/102900_102999/102940/01.01.01_60/ts_102940v010101p.pdf. Zugriffsdatum 2021-06-01.

30.

ETSI. (2012b). ETSI TS 102 940 (V1.1.1) – ITS communications security architecture and security management. http://www.etsi.org/deliver/etsi_ts/102900_102999/102940/01.01.01_60/ts_102940v010101p.pdf. Zugriffsdatum 2021-06-01.

31.

ETSI. (2012c). ETSI TS 102 941 (V1.1.1) – Trust and privacy management. http://www.etsi.org/deliver/etsi_ts/102900_102999/102941/01.01.01_60/ts_102941v010101p.pdf. Zugriffsdatum 2021-06-01.

32.

ETSI. (2012d). ETSI TS 102 942 (V1.1.1) – Access control. http://www.etsi.org/deliver/etsi_ts/102900_102999/102942/01.01.01_60/ts_102942v010101p.pdf. Zugriffsdatum 2021-06-01.

33.

ETSI. (2012e). ETSI TS 102 943 (V1.1.1) – Confidentiality services. http://www.etsi.org/deliver/etsi_ts/102900_102999/102943/01.01.01_60/ts_102943v010101p.pdf. Zugriffsdatum 2021-06-01.

34.

ETSI. (2014a). ETSI EN 302 636 V1.2.1: Intelligent Transport Systems (ITS); vehicular communications; GeoNetworking; Part 1: Requirements.

35.

ETSI. (2014b). ETSI EN 302 637–2 – Intelligent Transport Systems (ITS); vehicular communications; basic set of applications; Part 2: Specification of cooperative awareness basic service.

36.

ETSI. (2014c). ETSI EN 302 637–3 V1.2.2 – Intelligent Transport Systems (ITS); vehicular communications; basic set of applications; Part 3: Specifications of decentralized environmental notification basic service.

37.

ETSI. (2017). ETSI TS 103 097 (V1.1.1) – Security header and certificate formats. http://www.etsi.org/deliver/etsi_ts/103000_103099/103097/01.02.01_60/ts_103097v010201p.pdf. Zugriffsdatum 2021-06-01.

38.

Europäische Kommission. (1995). Commission Directive 95/56/EC, Euratom of 8 November 1995 adapting to technical progress Council Directive 74/61/EEC relating to devices to prevent the unauthorized use of motor vehicles. EUR-Lex – 31995L0056 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/dir/1995/56/oj. Zugriffsdatum 2021-06-01.

39.

Europäische Kommission. (2009). M/453 standardisation mandate addressed to Cen, Cenelec and ETSI in the field of information and communication technologies to support the interoperability of co-operative systems for intelligent transport in the european community. https://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=434. Zugriffsdatum 2021-06-01.

40.

Europäische Kommission. (2016). C-ITS platform-final report. C-ITS Platform. https://ec.europa.eu/transport/sites/default/files/themes/its/doc/c-its-platform-final-report-january-2016.pdf. Zugriffsdatum 2021-06-01.

41.

Europäische Kommission. (2017). Certificate policy for deployment and operation of European Cooperative Intelligent Transport Systems (C-ITS). C-ITS Plattform.

42.

Europäische Union. (2016). Verordnung (EU) 2016/679 des europäischen Parlaments und des Rates zum Schutz natürlicher Personen bei der Verarbeitung personenbezogener Daten, zum freien Datenverkehr und zur Aufhebung der Richtlinie 95/46/EG (Datenschutz-Grundverordnung DSGVO). EUR-Lex – 32016R0679 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/reg/2016/679/oj. Zugriffsdatum 2021-06-01.

43.

Europäische Union. (2018). Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport. EUR-Lex – 32010L0040 – EN – EUR-Lex. https://eur-lex.europa.eu/eli/dir/2010/40/oj. Zugriffsdatum 2021-06-01.

44.

Europäische Union. (2020). Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications | European Data Protection Board. https://edpb.europa.eu/our-work-tools/documents/public-consultations/2020/guidelines-12020-processing-personal-data_de. Zugriffsdatum 2021-06-01.

45.

Fernandes, B., et al. (2018). Implementation and analysis of IEEE and ETSI security standards for vehicular communications. Mobile Networks and Applications, 23(3), 469–478. https://doi.org/10.1007/s11036-018-1019-xCrossRef

46.

Foster, I., et al. (2015). Fast and vulnerable: A story of telematic failures | USENIX. USENIX. https://www.usenix.org/conference/woot15/workshop-program/presentation/foster. Zugriffsdatum 2021-06-01.

47.

Francillon, A., et al. (2011). Relay attacks on passive keyless entry and start systems in modern cars. Department of Computer Science ETH Zurich.

48.

Fraunhofer SIT. (2018). Eberbacher Gespräch: Next Generation Crypto. https://www.sit.fraunhofer.de/en/news-events/landingpages/eberbacher-gespraech-next-generation-crypto/. Zugriffsdatum 2021-06-01.

49.

Ghosal, A., & Conti, M. (2020). Security issues and challenges in V2X: A survey. Computer Networks, 169, 107093. https://doi.org/10.1016/j.comnet.2019.107093CrossRef

50.

Groza, B., et al. (2012). LiBrA-CAN: A Lightweight Broadcast Authentication Protocol for Controller Area Networks. In Cryptology and Network Security (S. 185–200). https://doi.org/10.1007/978-3-642-35404-5_15.

51.

Gupta, A. (2019). The IoT hacker’s handbook. Apress.CrossRef

52.

Hamida, E., et al. (2015). Security of cooperative intelligent transport systems: Standards, threats analysis and cryptographic countermeasures. Electronics, 4(3), 380–423. https://doi.org/10.3390/electronics4030380CrossRef

53.

Han, K., et al. (2014). Automotive cybersecurity for in-vehicle communication. IQT.

54.

Hazem, A., & Fahmy, H. A. H. (2012). LCAP – A Lightweight CAN Authentication Protocol for securing in-vehicle networks. ESCAR EUROPE.

55.

Hedderich, J., & Sachs, L. (2021). Angewandte Statistik: Methodensammlung mit R (17., überarb. U. erg. Aufl. 2020 Aufl.). Springer Spektrum.

56.

Hoppe, T., et al. (2009). Applying intrusion detection to automotive IT – Early insights and remaining challenges. Journal of Information Assurance and Security (JIAS), 4(6), 226–235.

57.

Hu, Q., & Luo, F. (2018). Review of secure communication approaches for in-vehicle network. International Journal of Automotive Technology, 19(5), 879–894. https://doi.org/10.1007/s12239-018-0085-1CrossRef

58.

Humayed, A., et al. (2020). CANSentry: Securing CAN-based cyber-physical systems against denial and spoofing attacks. Computer Security – ESORICS 2020, 12308, 153–173. https://doi.org/10.1007/978-3-030-58951-6_8 CrossRef

59.

ISO. (2002). ISO/IEC 7498–1:1994(en), Information technology — Open systems interconnection — Basic reference model: The basic model — Part 1. ISO/IEC JTC 1.

60.

ISO. (2009). ISO 13400 Road vehicles – Diagnostic communication between test equipment and vehicles over Internet Protocol (DoIP).

61.

ISO. (2015). ISO 15031-5:2015: Road vehicles – Communication between vehicle and external equipment for emissions-related diagnostics – Part 5: Emissions-related diagnostic services. ISO/TC 22/SC 31.

62.

ISO. (2020). ISO 14229–1: 2020 Road vehicles – Unified Diagnostic services (UDS) – Part 1: Specification and requirements.

63.

Jager, T., et al. (2013). One bad apple: Backwards compatibility attacks on state-of-the-art cryptography. NDSS.

64.

Jithin, R., & Chandran, P. (2014). Virtual machine isolation. Communications in Computer and Information Science. https://doi.org/10.1007/978-3-642-54525-2_8CrossRef

65.

Johanson, M., et al. (2011). Remote vehicle diagnostics over the internet using the DoIP Protocol. In ICSNC 2011.

66.

Karthik, T., et al. (2016). Uptane: Securing software updates for automobiles. In International Conference on Embedded Security in Car.

67.

Kasper, T. (2013). RUB-Repository – Security analysis of pervasive wireless devices. Ruhr-Unibochum.De. https://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/docId/1415. Zugriffsdatum 2021-06-01.

68.

Kent, S., & Seo, K. (2005). Security architecture for the internet protocol. In RFC. https://doi.org/10.17487/rfc4301.

69.

Khraisat, A., et al. (2019). Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity, 2(1), 1–22. https://doi.org/10.1186/s42400-019-0038-7CrossRef

70.

Kumar, G. (2014). Evaluation metrics for intrusion detection systems – A study. International Journal of Computer Science and Mobile Applications, 2(11), 11–17.

71.

Lapid, B., & Wool, A. (2019). Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. Selected Areas in Cryptography – SAC 2018, 11349, 235–256. https://doi.org/10.1007/978-3-030-10970-7_11MathSciNetCrossRefMATH

72.

Lemke, K., et al. (2005). Embedded security in cars: Securing current and future automotive IT applications (2006. Aufl.). Springer.

73.

Liebchen, C. (2018). Advancing memory-corruption attacks and defenses. Technische Universität.

74.

Lokman, S. F., et al. (2019). Intrusion detection system for automotive Controller Area Network (CAN) bus system: A review. EURASIP Journal on Wireless Communications and Networking. https://doi.org/10.1186/s13638-019-1484-3CrossRef

75.

Martens, B., & Mueller-Langer, F. (2018). Access to digital car data and competition in aftersales services. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3262807CrossRef

76.

Mazloom, S., et al. (2016). A security analysis of an in vehicle infotainment and app platform. 10th USENIX Workshop on Offensive Technologies, WOOT 2016.

77.

McCarthy, M., et al. (2017). Access to in-vehicle data and resources. Europäische Kommission – Directorate-General for Mobility and Transport. https://ec.europa.eu/transport/sites/default/files/2017-05-access-to-in-vehicle-data-and-resources.pdf. Zugriffsdatum 2021-06-01.

78.

Miller, I. (2001). Protection against a variant of the tiny fragment attack (RFC 1858). In RFC. https://doi.org/10.17487/rfc3128.

79.

Miller, C., & Valasek, C. (2013). Adventures in automotive networks and control units.

80.

Miller, C., & Valasek, C. (2015). Remote exploitation of an unaltered passenger vehicle. Black Hat USA.

81.

Moriarty, K., et al. (2016). PKCS #1: RSA cryptography specifications version 2.2. In IETF RFC 8017. https://doi.org/10.17487/rfc8017.

82.

Mousa, A. R., et al. (2016). Lightweight authentication protocol deployment over FlexRay. In Proceedings of the 10th International Conference on Informatics and Systems – INFOS ’16. https://doi.org/10.1145/2908446.2908485.

83.

Müller, K. (2018). IT-Sicherheit mit System: Integratives IT-Sicherheits-, Kontinuitäts- und Risikomanagement – Sichere Anwendungen – Standards und Practices (6., erw. U. überarb. Aufl. 2018 Aufl.). Springer.CrossRef

84.

Nasahl, P., & Timmers, N. (2019). Attacking AUTOSAR using software and hardware attacks. ESCAR USA.

85.

National Highway Traffic Safety Administration (NHTSA). (2016). Cybersecurity best practices for modern vehicles. US Department of Transportation. https://www.nhtsa.gov/staticfiles/nvs/pdf/812333_CybersecurityForModernVehicles.pdf. Zugriffsdatum 2021-06-01.

86.

Nie, S., et al. (2017). Free-fall: Hacking tesla from wireless to can bus. DEFCON. https://www.blackhat.com/docs/us-17/thursday/us-17-Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf. Zugriffsdatum 2021-06-01.

87.

Paar, C., et al. (2009). Understanding cryptography: A textbook for students and practitioners (1. Aufl.). Springer.MATH

88.

Pareja, R. (2018). Fault injection on automotive diagnostic protocols. ESCAR USA.

89.

Prove & Run. (2018). Proven security for the internet of things. https://www.provenrun.com/about/proven-security-for-the-iot/. Zugriffsdatum 2021-06-01.

90.

Regenscheid, A. (2018). Platform firmware resiliency guidelines. In Platform Firmware Resiliency Guidelines. https://doi.org/10.6028/nist.sp.800-193.

91.

Rescorla, E. (2018). The Transport Layer Security (TLS) protocol version 1.3. In IETF RFC 8446. https://doi.org/10.17487/rfc8446.

92.

Rescorla, E., & Modadugu, N. (2012). Datagram transport layer security version 1.2. In RFC. https://doi.org/10.17487/rfc6347.

93.

Riggs, H., et al. (2020). Survey of solid state drives, characteristics, technology, and applications. In 2020 SoutheastCon. https://doi.org/10.1109/southeastcon44009.2020.9249760.

94.

Robert Bosch GmbH, Reif, K., & Dietsche, K. (2018). Kraftfahrtechnisches Taschenbuch (29., überarb. u. erw. Aufl. 2019 Aufl.). Springer Vieweg.

95.

Ruddle, A., et al. (2008). Security requirements for automotive on-board networks based on dark-side scenarios (EVITA Deliverable 2.3). European Commission: EVITA – E-safety Vehicle Intrusion proTected Applications (224275).

96.

Rupprecht, D., et al. (2018). On security research towards future mobile network generations. IEEE Communications Surveys & Tutorials, 20(3), 2518–2542. https://doi.org/10.1109/comst.2018.2820728CrossRef

97.

Sabt, M., et al. (2015). Trusted execution environment: What It is, and What It is Not. In 2015 IEEE Trustcom/BigDataSE/ISPA. https://doi.org/10.1109/trustcom.2015.357.

98.

Sagong, S. U., et al. (2018). Exploring attack surfaces of voltage-based intrusion detection systems in controller area networks. ESCAR Europe.

99.

Scarfone, K. A., & Mell, P. M. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). In Recommendations of the National Institute of Standards and Technology. https://doi.org/10.6028/nist.sp.800-94.

100.

Shanmugam, K. (2019). Securing inter-processor communication in automotive ECUs. In SAE Technical Paper Series. https://doi.org/10.4271/2019-26-0363.

101.

Stigge, M., et al. (2006). Reversing CRC – Theory and practice. HU Berlin.

102.

TCG. (2019). TCG Runtime Integrity Preservation in Mobile Devices – Family “2.0” Level 00 Revision 106. trustedcomputinggroup.org. https://trustedcomputinggroup.org/wp-content/uploads/TCG_MPWG_RIP_r106_published.pdf. Zugriffsdatum 2021-06-01.

103.

TCG EFI Platform Specification For TPM Family 1.1 or 1.2 Specification Version 1.22 Revision 15. (2014). Trusted computing group. https://trustedcomputinggroup.org/resource/tcg-efi-platform-specification/. Zugriffsdatum 2021-06-01.

104.

TCG TPM 2.0 Automotive Thin Profile For TPM Family 2.0; Level 0. (2019). Trusted computing group. https://trustedcomputinggroup.org/resource/tcg-tpm-2-0-library-profile-for-automotive-thin/. Zugriffsdatum 2021-06-01.

105.

Tencent Technology Co. (2018). Experimental security assessment of BMW cars: A summary report. https://keenlab.tencent.com/en/whitepapers/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf. Zugriffsdatum 2021-06-01.

106.

UNECE. (2021). UN Regulation No. 156 – Software update and software update management system | UNECE. UNECE.ORG. https://unece.org/transport/documents/2021/03/standards/un-regulation-no-156-software-update-and-software-update. Zugriffsdatum 2021-06-01.

107.

van den Herrewegen, J., & Garcia, F. D. (2018). Beneath the bonnet: A breakdown of diagnostic security. Computer Security. https://doi.org/10.1007/978-3-319-99073-6_15CrossRef

108.

van Herrewege, A., et al. (2011). CANAuth – A simple, backward compatible broadcast authentication protocol for CAN bus. ECRYPT Workshop on Lightweight Cryptography.

109.

van Ours, J. C., & Vollaard, B. (2015). The engine immobiliser: A non-starter for car thieves. The Economic Journal, 126(593), 1264–1291. https://doi.org/10.1111/ecoj.12196CrossRef

110.

Vasudevan, A., et al. (2012). Trustworthy execution on mobile devices: What security properties can my mobile platform give me? Trust and Trustworthy Computing. https://doi.org/10.1007/978-3-642-30921-2_10CrossRef

111.

Verdult, R., et al. (2012). Gone in 360 seconds: Hijacking with Hitag2. 21st USENIX Security Symposium.

112.

Verdult, R., et al. (2015). Dismantling megamos crypto: Wirelessly lockpicking a vehicle immobilizer. Supplement to the 22nd USENIX Security Symposium.

113.

Verendel, V., et al. (2008). An approach to using honeypots in in-vehicle networks. In 2008 IEEE 68th Vehicular Technology Conference. https://doi.org/10.1109/vetecf.2008.260.

114.

Wallentowitz, H., & Reif, K. (2010). Handbuch Kraftfahrzeugelektronik: Grundlagen - Komponenten – Systeme - Anwendungen (ATZ/MTZ-Fachbuch) (2., verb. u. akt. Aufl. 2011 Aufl.). Vieweg + Teubner.

115.

Watkins, M., & Wallace, K. (2008). CCNA security official exam certification guide (Exam 640–553). Amsterdam University Press.

116.

Weyl, B., et al. (2010). Secure on-board architecture specification. Technical report deliverable D3.2. EVITA Project. https://evita-project.org/deliverables.html. Zugriffsdatum 2021-06-01.

117.

Wolf, M. (2009). Security engineering for vehicular IT systems. Springer Vieweg.CrossRef

118.

Wolf, M., et al. (2004). Security in automotive bus systems. In Proceeding of the Workshop on Embedded IT-Security in Cars.

119.

Woo, S., et al. (2014). A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE Transactions on Intelligent Transportation Systems. https://doi.org/10.1109/tits.2014.2351612CrossRef

120.

Wouters, L., et al. (2020). Dismantling DST80-based immobiliser systems. IACR Transactions on Cryptographic Hardware and Embedded Systems. https://doi.org/10.46586/tches.v2020.i2.99-127CrossRef

121.

Yadav, A., et al. (2016). Security, vulnerability and protection of vehicular on-board diagnostics. International Journal of Security and Its Applications, 10(4), 405–422. https://doi.org/10.14257/ijsia.2016.10.4.36CrossRef

122.

Yan, Z., et al. (2020). IEEE access special section editorial: Trusted computing. IEEE Access, 8, 25722–25726. https://doi.org/10.1109/access.2020.2969768CrossRef

123.

Zimmermann, W., & Schmidgall, R. (2014). Bussysteme in der Fahrzeugtechnik: Protokolle, Standards und Softwarearchitektur (ATZ/MTZ-Fachbuch) (5., aktualisierte und erw. Aufl. 2014 Aufl.). Springer Vieweg.CrossRef

Title: Technische Security-Bausteine
Author: Manuel Wurm
Publisher: Springer Berlin Heidelberg
Book: Automotive Cybersecurity
Print ISBN: 978-3-662-64227-6

Electronic ISBN: 978-3-662-64228-3

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-662-64228-3_5

Springer Professional

Zusammenfassung

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner