LEss Injuries by making cars SecURE Stefan NĂĽrnberger

News

27.04.2020

Shared material

Dear students,
I added the shared material in the CMS. Link: https://cms.cispa.saarland/leisure19/material/edit/2

Best,
Daniel

 

 

 

20.04.2020

Share course presentation & report between each other

Dear students,

One of you colleague asked if it's possible to share the course outcome between each other.
Since I am not sure if all you likes it or not, I am putting up a doodle so you can write your preference.
I will give one week of time, and if you don't... Read more

Dear students,

One of you colleague asked if it's possible to share the course outcome between each other.
Since I am not sure if all you likes it or not, I am putting up a doodle so you can write your preference.
I will give one week of time, and if you don't write your preference I will assume you are at least ok in sharing the presentation! Hope that is fine for all.

https://doodle.com/poll/tvc4hrb4k64xn4iw  

Hope you all are well!
Daniel

24.02.2020

Final submission

Dear students,

we opened the submission for the report and slides! The deadline is the 6th of March.
Please, submit the report (.pdf) and the slides (ideally also in .pdf) in a single archive! We won't grade the slide deck itself, don't be afraid :D
One... Read more

Dear students,

we opened the submission for the report and slides! The deadline is the 6th of March.
Please, submit the report (.pdf) and the slides (ideally also in .pdf) in a single archive! We won't grade the slide deck itself, don't be afraid :D
One submission per team is sufficient, just name it with your team topic and matr. number.
E.g: topic1_123456_654321.zip

Cheers,
Daniel

15.01.2020

LEISURE Presentation: Feb. 24 - 26 - time: 10:00-12:00

Dear students,

it seems everybody is ok in presenting during this period: February 24 - 26 (Mon, Tue, Wed) - time: 10:00-12:00.

I would organise the talks in this way:

Feb 24 (network & security): Topic 3 & Topic 5
Feb 25 (TCU & data collection): Topic 4 &... Read more

Dear students,

it seems everybody is ok in presenting during this period: February 24 - 26 (Mon, Tue, Wed) - time: 10:00-12:00.

I would organise the talks in this way:

Feb 24 (network & security): Topic 3 & Topic 5
Feb 25 (TCU & data collection): Topic 4 & Topic 1 
Feb 26 (Self-driving, testing, and attestation​): Topic 2 & Topic 6

Cheers,
Daniel

09.01.2020

Doodle for exam date selection

Dear students,

Here is the link to the doodle for choosing the exam date: https://doodle.com/poll/wemzxcgg2n7txrdn
The idea is to have 3 consecutive days in which 2 groups present each day.
Please, try to select as many days as possible and compile it by the... Read more

Dear students,

Here is the link to the doodle for choosing the exam date: https://doodle.com/poll/wemzxcgg2n7txrdn
The idea is to have 3 consecutive days in which 2 groups present each day.
Please, try to select as many days as possible and compile it by the end of next week (17.01.2020)!

Also, please compile the doodle by team (we just need one participates for each team to vote).
For participant name, you can use your topic number (e.g, 'Topic 1')

Remember that participating in the talks of the other teams is mandatory! 

Cheers,
Daniel

 

 

04.12.2019

Registration

Dear students,

some of you seem to have forgotten to register in LSF. The examination office told me the total count of registrations is 9, but here in CMS 14 are registered. So please write an email to Evelyn Kraska <kraska@cs.uni-saarland.de> immediately and... Read more

Dear students,

some of you seem to have forgotten to register in LSF. The examination office told me the total count of registrations is 9, but here in CMS 14 are registered. So please write an email to Evelyn Kraska <kraska@cs.uni-saarland.de> immediately and ask for your registration so I can enter your grades at the end of the semester. 

 

Thanks

19.11.2019

The forum is online!

The forum is online!
Sorry for the delay.

18.11.2019

Team and topic assignment

Dear Students,

here is the topic assignment. We tried our best to satisfy your preferences!  
If anybody is missing, please contact me at daniel.frassinelli@cispa.saarland


Topic 1: 2572872 & 2560303

Topic 2: 2572782 & 2574430

Topic... Read more

Dear Students,

here is the topic assignment. We tried our best to satisfy your preferences!  
If anybody is missing, please contact me at daniel.frassinelli@cispa.saarland


Topic 1: 2572872 & 2560303

Topic 2: 2572782 & 2574430

Topic 3: 2576200 & 2565910

Topic 4: 2563417 & 2566166

Topic 5: 2570483 & 2568521 & 2555829

Topic 6: 2563976 & 2542939

08.11.2019

Topic Selection & Template Download

Dear students,

please select your preferred topic here until Wednesday (Nov 13), 23:59.
You should all use the template we've uploaded here. Please adapt it to your needs.

08.11.2019

Topic references

Dear students,

we post the list of topic and references. Take a look at all documents to see what you think is fitting for you. The deadline to choose the topic will be Wednesday. Soon, we will also upload:

  • A latex template, with some more details on what... Read more

Dear students,

we post the list of topic and references. Take a look at all documents to see what you think is fitting for you. The deadline to choose the topic will be Wednesday. Soon, we will also upload:

  • A latex template, with some more details on what you need to write.
  • A doodle to book the exam date.
  • A doodle to vote your preferred topic.

In the meantime, a brief overview of what will be expected from you: For your chosen topic, you should analyse the related works we provide (which are a simple starting point) and find more yourself. The point of this work is to make a presentation and summary where you discuss such things:

 

  • Summarise the topic and related works, and describe what is the current state of the art in the field (both in terms of technology and usage by OEMs).
  • Perform an analysis of how such technologies could evolve in the future (i.e., how will automotive evolve in that aspect).
  • Discuss how this will affect the customers (privacy? security? added costs? etc.), with a particular focus on the persona(s) you define. This can be done by providing a few concrete use-cases.
  • Based on your use-cases, discuss the possible solution(s). Please, consider everything, from the life-time of the vehicle to the fact the OEMs need to recall possibly hundreds of thousands of cars if the solution doesn't work and cannot be remotely fixed! How would it affect your persona(s)? Would your solution allow for new tech to be implemented on top? Is it backwards-compatible? Forward-compatible? Etc.

In short, the idea of this seminar is to put you in the perspective of an OEM. This means you are not allowed to solve somethings by saying 'we encrypt everything', 'we do not sell data', and so on so forth. You must consider the implication of your solution, the complexity of maintaining it over time, how it will adapt for future models, will customers care about it, etc. We hope this will give you insights into how complex is to innovate and propose solutions for the automotive industry. Also, you will probably notice how such industry is anything but agile and that is decades behind the current state-of-the-art technologies.

 

Shared references

These are reads that everyone should look at. Also, feel free to read documents and articles from the other subtopics, as they might still be correlated to yours.

 

Topic 1. Data collection and analysis in vehicles

In this topic, you will analyse technologies that actively log and possibly identify a driver (e.g., log when and how you drive), identification (e.g., can the car know when you are driving and feeling unwell? can this be applied to court?), advertisements (how long before we see custom advertisements on the head unit?), etc.

 

Topic 2. Self-driving & sensor fusion

This topic is concerned more with the future of mobility. Will cars be self-driving, if yes how? How do we judge who is at fault if it is a probabilistic algorithm making a decision? How do you prove it to a judge? What could go wrong? Can we attack sensors? Can we prevent attacks? If yes, how? At which cost?

 

Topic 3. Automotive Security

In this topic, you will analyse the current state of the art in automotive security, especially in-vehicle networks. As of currently, there is no security, but in the future? Components can be replaced, updated, and possibly connected to the Internet. How do we assure that an attacker doesn't gain remote control of your vehicle? How do we protect the communication between ECUs (remember, a 50ms delay on packets telling the car to brake is unacceptable). Similarly, ECUs are cost-driven embedded controllers, with limited RAM and CPU. How will this evolve? Is the current architecture and design sufficient?

 

 

Topic 4. Telematic Control Unit, eCall, and connected dongles

In this topic, you will analyse TCUs and dongles (which are becoming increasingly used). They can be used for several things: from safety to data collection, remote control and debugging, update over the air etc. These devices will possibly revolutionise the automotive industry, as they will allow OEMs to (right now is not) securely push updates to 1) fix bugs, and 2) add features (e.g., TESLA). But many things could go wrong, especially as most of them have little to no security. How can we solve this?

 

Topic 5. Vehicle to infrastructure (V2I) and vehicle to vehicle (V2V) communication

It is definitely true that in the future of mobility, vehicles will be connected to everything. Assuming the two main technologies will be vehicle to vehicle (V2V) and vehicle to infrastructure (V2I), how this communication will happen? Via WLAN or mobile networks? With or without secure communication? What is the state of the art technologies? How all the OEMs manage or (plan) to implement them? Are there any standards? Can this be done security? What could go wrong? How can this affect security & privacy?

 

Topic 6. Vehicle testing, attestation & dynamic homologation

As of currently, cars are black-boxes which cannot be tested if not by the makers. This makes it very difficult for a third-party to verify claims. Also, it is currently impossible to re-configure them, as they would lose their homologation. The question is, how will this process evolve? Can it be made more open and streamlined? Can the community be involved in developing a road-legal vehicle? Can and how you prove to a third party that a vehicle is running the software you signed? How do you test your vehicle?

24.10.2019

Kick-Off and Topic Selection on Nov 04 at 15:00

The kick-off and topic selection will be on Monday, November 04 at 15:00 at room 0.07 at CISPA (building E9.1). 

See you all then!

Show all
 

Less Injuries by Making Cars Secure

Cars have ceased to be purely mechanical devices since their computerised counterparts are usually cheaper to manufacture and provide more functionalities. Even in the entry-level segment, modern cars feature at least ten different computers, so-called Electronic Control Units (ECUs). These ECUs pose a risk to the security and privacy of passengers. In this block seminar, you are required to work in teams of 2 students and write a seminar report and give a presentation on one topic that you choose.

 

Topics and Template

 

Procedure

Mon
Nov 04
15:00

CISPA
room 0.07

Kick-Off

Presentation of different topics:

Topics
Privacy Security
  • Data collection in modern cars
  • Pay-as-you-drive Insurance tariffs
  • Driver identification based on behaviour
  • European Emergency Call (eCall)
  • Telematic Control Units
  • Sensor spoofing (GPS, Radar, RDS, ...)
  • Security risks of connected devices (OBD, charging stations and protocols)
  • Vehicle-to-Vehicle (V2V) communication & Vehicle to Infrastructure comm.
  • In-vehicle networks between ECUs
  • Autonomous driving verification
  • Embedded Systems / ECU fuzzing
  • Dynamic Homologation

 

You can then vote for up to three topics from above and an algorithm will fairly assign each student a topic such that most needs are met.

Introduction to personas to make analysis you have to do more realistic and interesting.

A Persona is a simple tool to create your product with a specific target user in mind rather than a generic one. It’s a representation of the real target audience and helps you to tailor your thoughts to a specific use case/user.

During the semester

You have to write a report and prepare the presentation about a topic that you got.

The content shall be about the topic with respect to the presented personas (i.e. how people actually use cars, taking into account that components may fail, that electronics might be destroyed in an accident and so on...).

The report/presentation should be about the same content.

Feb 24-26
10:00 - 12:00

Presentation of the topic according to our persona

Each of the 6 groups has to give a short presentation (30 min + 10 min Q&A) about their topic. We will choose a week in which 2 groups will present per day -- so in total there will be three (mandatory) presentation days. Additionally, you have to hand in the seminar paper which will be graded together with the presentation.

 

 

 

 

 

 

Requirements: 

Basic knowledge of security and interest in vehicles (cars, bikes, ...) and privacy concerns.

Places: 12

Registration in LSF

The university requires you to register yourself in LSF no later than 3 weeks after the kick-off. Otherwise, we cannot enter your grades at the end of the semester. So please do you ASAP after you got the topic at the kick-off event (Nov 04).

The computer science department lets you know that you cannot register in LSF if your corse of studies is one of the following:

  • Wirtschaftsinformatiker (Business Informatics)
  • Erasmus students
  • Guest students
  • Bachelor/Master DSAI

In these cases, you'll get an old-fashioned paper certificate that you can bring to your respective examination office.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators