|
The 4th escar - Embedded Security in Cars conference was held in Berlin at November 14-15, 2006 (www.escar.info). escar is the only conference worldwide to join applied academia and industry in the area of embedded security for automobiles. The conference was opened by the two founders of the conference, namely Prof. Paar of the Ruhr-University Bochum and Prof. Hubaux of the Ecoles Polytechniques Fédérales, Lausanne. They welcomed more than 60 international participants in Berlin. The various contributions of the automobile manufacturers, like BMW, DaimlerChrysler, Toyota und VW were followed with great interest.
Dr. Josef Wagenhuber and Burkhard Kuhls of the BMW Group presented the use of security-architecture of today and future automobiles. BMW already uses several security mechanisms for the authentication of downloaded software as well as for unlocking automotive applications and functions. Also a general cryptographic architecture for automobile security was presented. Overall the participants received a good insights into BMW’s innovations regarding IT-security in cars.
Ken Laberteaux of Toyota talked about the possibilities of providing high security for the car-to-infrastructure communication using vehicle-ad-hoc-networks (VANET) with only little budget available. Mr. Labertaux suggests for reasons of performance a protocol based on Timed Efficient Stream Loss-tolerant Authentication (TESLA) together with a PKI.
Amer Aijaz (Volkswagen AG) provided a contribution together with a group of the Technical University Darmstadt about Secure Revocable Anonymous Authenticated Inter-Vehicle Communication (SRAAC). This protocol secures an anonymous authentification for vehicle-Ad-Hoc-Networks. The advantages are that only little memory and bandwidth is necessary. In addition to this no lists of revoked certificates are needed. The scheme allows performing the certification while driving.
With great interest the main lecture of the second day of Mr. Peter Häußermann (Head of Elektrics/Elektronics Telematics, DaimlerChrysler) was anticipated. Mr. Häußermann described how to transfer the IT-security mechanisms from the PC-world into the automobile environment. Regarding to him the automobile becomes more and more a part of the IT world. In the computer-based world threats like loss of property, manipulation, no availability and body damage are resolved with prevention, detection and recovery. Regarding the automobile the financial losses are for example toll-fraud, illegal copies of navigation data and also theft of cars and original equipment. Manipulation means chip tuning and tacho manipulation. Non-availability can be caused by attackers by “waking up” the electronics in a parking car in order to empty the battery. Body damage can result from attacks to the electronics in the car and should be prevented in any case. To transfer the solutions from the computer world to the automotive world the systems inside a car are divided into networks, platforms and contents (software and user data). A short overview over protection of data content, protection of denial-of-service, automotive firewall and trusted computers for cars were given. The lecture was closed with a comment that traditional methods to achieve security can be transferred to the automobile. However, as Mr. Häußermann highlighted, these methods have to be adjusted to the car and the driver should not be aware of these security measurements.
Other topics of escar 2006 were the missing business models for IT security in the automotive area. Mr. Klaus Keus (Head of section „new technologies“, BSI) lectured about „Automotive security: security and IT requirements – necessity for a business model“.
Like in the past years the car-to-car (C2C) and car-to-infrastructure (C2I) communication played a major role. Prof. Pravin Varaiya (University of California, Berkeley) reported about the technology, costs, benefits, added value and potential gain of profit of C2C und C2I communication. Panos Papadimitratos (EPFL, Switzerland) added a security architecture for C2C communication. The contribution of Matthias Gerlach of the Frauenhofer Institut FOKUS reported about improvements of the privacy in the car.
Additionally interesting lectures of different areas were held.
The question on how to find security solution if applications and assumptions are not known were addressed by Frank Kargl of the University in Ulm.
Marko Wolf of escrypt GmbH - Embedded Security talked about the protection of the automobile security with a trusted computing architecture.
Markus Kuhn (University of Cambridge) gave an introduction about „Positioning Security“, that means protection and information of the position.
Peter Landrock of Cryptomathic, UK reported about his experiences with timed authentification for automotive communication based on light-weight digital signatures.
Michale Ellims (PI Technology) enlighted the question if security is necessary for safety
Finally the lectures of Tibor Farkas (FOKUS) focused on the development of safety and security software.
|
 |
|
