Security in Mobility

IT security represents a major challenge in the automobile industry at present. The scope for attacking vehicles is also rising with the increased interconnection of vehicles and an increasingly large proportion of complex software in modern vehicles. The research area of automotive security considers the overarching IT security system for vehicles. The aim is to consider IT security throughout a vehicle’s entire development and product life cycle for functional groups overall. The key research area of automotive security is currently focusing on:

  • Security testing of automotive hardware and software, e.g. by means of automotive penetration testing, fuzzing
  • Model-based automotive security and test case generation from security models (e.g. attacker models for autonomous driving)
  • Safe vehicle communication (e.g. Secure Car2X, Secure CAN)
  • Reputation systems for vehicles

Projects

Developing safe software for vehicles: The MASSiF project

The importance of software in vehicles has been increasing for years. While there are many methods to ensure safety in the development of software for vehicles, security was not considered with the same intensity until recently, even though hackers managed to remotely take over and control a vehicle (Jeep Cherokee) as early as 2015. At the end of 2021, a standard was adopted in the form of ISO 21434, which prescribes a security development lifecycle for vehicles.
In the project Model-based Assurance of Security and Safety for Environment-based Vehicle Functions (MASSiF), models have been developed since 2019 to automatically generate security test cases for software in vehicles. The test system generates attacks automatically based on a database of attack modules as well as on an existing system model and the characteristics of the attacker. A special focus of the project is the interaction of functional safety and information security in the development of vehicles.

The security part of the MASSiF project is led by Professor Hans-Joachim Hof. Professor Hof heads the "Security in Mobility" research group at the CARISSMA Institute of Electric, Connected, and Secure Mobility. The research group regularly offers exciting theses. If you are interested, please contact Professor Hof (hof@thi.de).

Project HATS3 - hacking vehicles

Accidental or burning hybrid and electric vehicles receive special attention in the media landscape. This leads to uncertainty among prospective buyers and consequently to a loss of confidence in the technology. Vehicle accidents or fires are caused, among other things, by system malfunctions. Especially the large amount of complex software inevitably leads to errors in the system, which may represent a security gap and thus lead to vulnerabilities that malicious attackers can exploit to manipulate the software. On the one hand, this impairs the functionality of an ECU, such as the battery management system, and on the other hand, the ECU can be used as a basis for further attacks. The consequences are not only damage to the image of electromobility and recall actions, but also potential damage to people and the environment. The scenarios mentioned are currently fuelled by insufficient penetration testing and a lack of standards, norms and laws for vehicle security.
The central goals of the Holistic Automotive Testing of Security, Safety, and Storage (HATS3) project are to set up a test bench for realistic security tests on vehicles while stationary and on the move, and to enable security-relevant experiments to be carried out on hybrid and electric vehicles. In addition, a method for increasing the degree of automation in the area of automotive penetration testing is to be developed in order to be able to standardise tests on the one hand and on the other hand to be able to carry them out more cost-effectively and at the same time earlier, more often and more extensively. Another goal is the targeted development of knowledge in the field of IT forensics for warranty and insurance cases of hybrid and electric vehicles.


The HATS3 project is headed by Professor Hans-Joachim Hof. Professor Hof heads the "Security in Mobility" research group at the CARISSMA Institute of Electric, Connected, and Secure Mobility. The research group regularly offers exciting theses. If you are interested, please contact Professor Hof (hof@thi.de).

 

Blockchain for plagiarism protection of spare parts: The TRADE project

The high and increasing degree of networking of intelligent vehicles with each other and with their environment within the framework of an Automotive Cyber System (ACS) enables novel applications, but is also accompanied by new threats from attackers. Secure networking and secure access to all relevant system components or data are consequently becoming the decisive factors for the entire vehicle infrastructure and the confidence of vehicle occupants. It can be assumed that stakeholders or even the intelligent vehicles themselves will increasingly access components, integrated software, data and functions throughout the entire vehicle lifecycle. Consequently, a growing number of stakeholders will need access to a vehicle, its infrastructure, its functions or its data. Since an ACS consists of vehicles from different manufacturers, infrastructure facilities and mobility services from different providers, an ACS is inherently very heterogeneous. What is needed, therefore, is a cooperative and holistic approach to IT security, which has been lacking in the vision of "fully autonomous driving".
The research project TRADE (TRustworthy Autonomous Driving by DEcentralised Authen-tication and Authorisation) therefore aims to develop a secure, cooperative and scalable security solution. A decentralised identity management solution is to realise a "global" standardised identity layer for an automotive cyber system. The solution takes into account the requirements of all stakeholders as well as the automotive lifecycle. The decisive management of access to the automotive cyber system is to be imposed on the respective "owner" in the corresponding partial life cycle.
By focusing on the creation of a cooperative identity management solution that includes decentralised authentication and authorisation mechanisms, the basis for an overarching security concept for ACS is created. In the context of TRADE, the functionality and resilience of the envisaged solution is demonstrated using the example of the use case "automotive plagiarism protection" based on hardware from the project partner ETO.    

Video about the project on the website of the project partner ETO (Youtube-Link)

The security part of the TRADE project is led by Professor Hans-Joachim Hof. Professor Hof heads the research group "Security in Mobility" at the CARISSMA Institute of Electric, Connected, and Secure Mobility. The research group regularly offers exciting theses. If you are interested, please contact Professor Hof (hof@thi.de).

Protecting electric vehicles against attacks: The European MARBEL research project

Developing an innovative battery system and thus helping to shape the mobility of tomorrow - this is the task that researchers at THI are tackling together with 16 partners in the EU research project "MARBEL" (Manufacturing and Assembly of Modular and Reusable EV Battery for Environment-Friendly and Lightweight Mobility). The project aims to develop an innovative and environmentally friendly lightweight battery system with increased energy density and shorter charging time. A special focus is on protecting the battery systems of the future from attacks by hackers. The research group led by Prof. Dr.-Ing. Hans-Joachim Hof, is contributing to the definition of the system's IT security requirements and the development of the battery management system's connection to a cloud, with a focus on cyber security.  Professor Hof: "Battery systems of the future represent an attractive target for hackers. In MARBLE, my research group is developing protection methods against attacks in future mobility scenarios."

https://marbel-project.eu/ (Link to the official project website)

The research group regularly offers exciting theses. If you are interested, please contact Professor Hof (hof@thi.de).

 

Contact

Professor Hof leitet die Forschungsgruppe „Security in Mobility“ im CARISSMA Institute of Electric, Connected, and Secure Mobility. The research group regularly offers exciting theses. If you are interested, please contact Professor Hof (hof@thi.de).