Publications

Publications of type Article

    2022

    • Timo Häckel, Philipp Meyer, Franz Korf, and Thomas C. Schmidt. Secure Time-Sensitive Software-Defined Networking in Vehicles. Jan. 2022.

      Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this work, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time and best-effort traffic for all IVN traffic classes using a central SDN controller. We validate that the control overhead of SDN can be added without a delay penalty for TSN traffic, provided protocols are properly mapped. Based on our TSSDN concept, we demonstrate adaptable and reliable network security mechanisms for in-vehicle communication. We systematically investigate different strategies for integrating in-vehicle control flows with switched Ether-networks and analyze their security implications for a software-defined IVN. We discuss embeddings of control flow identifiers on different layers, covering a range from a fully exposed mapping to deep encapsulations. We experimentally evaluate these strategies in a production vehicle which we map to a modern Ethernet topology. Our findings indicate that visibility of automotive control flows on lower network layers is essential for providing isolation and access control throughout the network infrastructure. Such a TSSDN backbone can establish and survey trust zones within the IVN and reduce the attack surface of connected cars in various attack scenarios.

      @Article{         hmks-stsdn-22,
        author        = {Timo H{\"a}ckel AND Philipp Meyer AND Franz Korf AND
                        Thomas C. Schmidt},
        title         = {{Secure Time-Sensitive Software-Defined Networking in
                        Vehicles}},
        month         = jan,
        year          = 2022,
        doi           = {https://doi.org/10.48550/arXiv.2201.00589},
        eprinttype    = {arxiv},
        eprint        = {2201.00589},
        abstract      = {Current designs of future In-Vehicle Networks (IVN)
                        prepare for switched Ethernet backbones, which can host
                        advanced LAN technologies such as IEEE Time-Sensitive
                        Networking (TSN) and Software-Defined Networking (SDN). In
                        this work, we present an integrated Time-Sensitive
                        Software-Defined Networking (TSSDN) architecture that
                        simultaneously enables control of synchronous and
                        asynchronous real-time and best-effort traffic for all IVN
                        traffic classes using a central SDN controller. We validate
                        that the control overhead of SDN can be added without a
                        delay penalty for TSN traffic, provided protocols are
                        properly mapped. Based on our TSSDN concept, we demonstrate
                        adaptable and reliable network security mechanisms for
                        in-vehicle communication. We systematically investigate
                        different strategies for integrating in-vehicle control
                        flows with switched Ether-networks and analyze their
                        security implications for a software-defined IVN. We
                        discuss embeddings of control flow identifiers on different
                        layers, covering a range from a fully exposed mapping to
                        deep encapsulations. We experimentally evaluate these
                        strategies in a production vehicle which we map to a modern
                        Ethernet topology. Our findings indicate that visibility of
                        automotive control flows on lower network layers is
                        essential for providing isolation and access control
                        throughout the network infrastructure. Such a TSSDN
                        backbone can establish and survey trust zones within the
                        IVN and reduce the attack surface of connected cars in
                        various attack scenarios.},
        groups        = {own, publications, simulation, tsn, security, sdn},
        langid        = {english}
      }

    2021

    • Philipp Meyer, Timo Häckel, Sandra Reider, Franz Korf, and Thomas C. Schmidt. Network Anomaly Detection in Cars: A Case for Time-Sensitive Stream Filtering and Policing. Dec. 2021.

      Connected cars are vulnerable to cyber attacks. Security challenges arise from vehicular management uplinks, from signaling with roadside units or nearby cars, as well as from common Internet services. Major threats arrive from bogus traffic that enters the in-car backbone, which will comprise of Ethernet technologies in the near future. Various security techniques from different areas and layers are under discussion to protect future vehicles. In this paper, we show how Per-Stream Filtering and Policing of IEEE Time-Sensitive Networking (TSN) can be used as a core technology for identifying misbehaving traffic flows in cars, and thereby serve as network anomaly detectors. TSN is the leading candidate for implementing quality of service in vehicular Ethernet backbones. We classify the impact of network attacks on traffic flows and benchmark the detection performance in each individual class. Based on a backbone topology derived from a real car and its traffic definition, we evaluate the detection system in realistic scenarios with real attack traces. Our results show that the detection accuracy depends on the precision of the in-vehicle communication specification, the traffic type, the corruption layer, and the attack impact on the link layer. Most notably, the anomaly indicators of our approach remain free of false positive alarms, which is an important foundation for implementing automated countermeasures in future vehicles.

      @Article{         mhrks-nadct-21,
        author        = {Philipp Meyer AND Timo H{\"a}ckel AND Sandra Reider AND
                        Franz Korf AND Thomas C. Schmidt},
        title         = {{Network Anomaly Detection in Cars: A Case for
                        Time-Sensitive Stream Filtering and Policing}},
        month         = dec,
        year          = 2021,
        eprinttype    = {arxiv},
        eprint        = {2112.11109},
        abstract      = {Connected cars are vulnerable to cyber attacks. Security
                        challenges arise from vehicular management uplinks, from
                        signaling with roadside units or nearby cars, as well as
                        from common Internet services. Major threats arrive from
                        bogus traffic that enters the in-car backbone, which will
                        comprise of Ethernet technologies in the near future.
                        Various security techniques from different areas and layers
                        are under discussion to protect future vehicles. In this
                        paper, we show how Per-Stream Filtering and Policing of
                        IEEE Time-Sensitive Networking (TSN) can be used as a core
                        technology for identifying misbehaving traffic flows in
                        cars, and thereby serve as network anomaly detectors. TSN
                        is the leading candidate for implementing quality of
                        service in vehicular Ethernet backbones. We classify the
                        impact of network attacks on traffic flows and benchmark
                        the detection performance in each individual class. Based
                        on a backbone topology derived from a real car and its
                        traffic definition, we evaluate the detection system in
                        realistic scenarios with real attack traces. Our results
                        show that the detection accuracy depends on the precision
                        of the in-vehicle communication specification, the traffic
                        type, the corruption layer, and the attack impact on the
                        link layer. Most notably, the anomaly indicators of our
                        approach remain free of false positive alarms, which is an
                        important foundation for implementing automated
                        countermeasures in future vehicles.},
        groups        = {own, publications, simulation},
        langid        = {english}
      }

    2019

    • Till Steinbach. Ethernet-based Network Architectures for Future Real-time Systems in the Car. In: ATZ worldwide. Pages 72–77, Jul. 2019.
      @Article{         s-enafr-19,
        author        = {Steinbach, Till},
        title         = {Ethernet-based Network Architectures for Future Real-time
                        Systems in the Car},
        journal       = {ATZ worldwide},
        month         = jul,
        year          = 2019,
        pages         = {72--77},
        volume        = {121},
        number        = {7},
        url           = {https://doi.org/10.1007/s38311-019-0071-x},
        issn          = {2192-9076},
        doi           = {10.1007/s38311-019-0071-x},
        day           = {01},
        groups        = {own, publications},
        langid        = {english}
      }
    • Till Steinbach. Ethernet-basierte Netzwerkarchitekturen für künftige Echtzeitsysteme im Automobil. In: ATZ - Automobiltechnische Zeitschrift. Pages 86–91, Jul. 2019.
      @Article{         s-enkea-19,
        author        = {Steinbach, Till},
        title         = {Ethernet-basierte Netzwerkarchitekturen f{\"u}r
                        k{\"u}nftige Echtzeitsysteme im Automobil},
        journal       = {ATZ - Automobiltechnische Zeitschrift},
        month         = jul,
        year          = 2019,
        pages         = {86--91},
        volume        = {121},
        number        = {7},
        url           = {https://doi.org/10.1007/s35148-019-0071-6},
        issn          = {2192-8800},
        doi           = {10.1007/s35148-019-0071-6},
        day           = {01},
        groups        = {own, publications},
        langid        = {ngerman}
      }

    2012

    • Till Steinbach, Franz Korf, and Thomas C. Schmidt. Simulation und Evaluation von Echtzeit-Ethernet in Fahrzeugnetzen. In: PIK - Praxis der Informationsverarbeitung und Kommunikation. Pages 67–74, Berlin, May 2012, De Gruyter.

      The growth of electronic systems, particularly in the driver assistance and comfort domains of vehicles, pushes the established automotive communication technologies to the limits of their capabilities. A new approach for communication between electronic control units is Ethernet in the car. Real-time extensions have expanded the range of application of standard switched Ethernet to time-critical applications. This work presents a simulation-based evaluation strategy for real-time Ethernet-based switching infrastructures in vehicles. We carry out a thorough analysis of the underlying simulation model, comparing the simulation results with calculations from a mathematical model and measurements on real hardware. Very precise agreement confirms the validity of the implementation and of the metrics determined with it.

      @Article{         sks-seeef-12,
        author        = {Till Steinbach AND Franz Korf AND Thomas C. Schmidt},
        title         = {{Simulation und Evaluation von Echtzeit-Ethernet in
                        Fahrzeugnetzen}},
        journal       = {PIK - Praxis der Informationsverarbeitung und
                        Kommunikation},
        month         = may,
        year          = 2012,
        pages         = {67--74},
        volume        = {35},
        number        = {2},
        publisher     = {De Gruyter},
        address       = {Berlin},
        issn          = {0930-5157},
        abstract      = {Die Zunahme von elektronischen Systemen insbesondere im
                        Fahrerassistenz- und Komfortbereich der Fahrzeuge
                        dr{\"a}ngt die etablierten
                        Automotive-Kommunikations\-technologien an die Grenze ihrer
                        Leistungsf{\"a}higkeit. Ein neuer Ansatz f{\"u}r die
                        Kommunikation zwischen Steuerger{\"a}ten ist Ethernet im
                        Automobil. Echtzeiterweiterungen haben den Einsatzbereich
                        von Standard-Switched-Ethernet auf zeitkritische
                        Anwendungen ausgedehnt. Diese Arbeit stellt eine
                        simulationsbasierte Evaluationsstrategie f{\"u}r
                        Echtzeit-Ethernet-basierte Vermittlungsinfrastrukturen im
                        Fahrzeug vor. Wir f{\"u}hren eine gr{\"u}ndliche Analyse
                        des zugrundeliegenden Simulationsmodells durch, welche die
                        Simulationsergebnisse mit Berechnungen eines mathematischen
                        Modells und Messungen auf echter Hardware vergleicht. Sehr
                        pr{\"a}zise {\"U}bereinstimmungen belegen die
                        G{\"u}ltigkeit der Implementierung und der mit ihr
                        ermittelten Kenngr{\"o}{\ss}en.},
        groups        = {own, publications, simulation},
        langid        = {ngerman}
      }