Posts

I am happy to announce that we will publish various research at the IARA SECURWARE 2024. Vehicle Security Operations Center for Cooperative, Connected and Automated Mobility The publication is a result of the EU-funded SELFY project. The work is a summary of the implementation of the Vehicle Security Operations Center (VSOC) we developed in the context of CCAM. Abstract of the publication Security Operations Centers (SOCs) are well established in the general IT domain. They provide IT security services, including collecting and correlating data, detecting and analyzing cybersecurity incidents, and applying dedicated reactions to such incidents. With the increasing digital capabilities of modern vehicles, appropriate reactions to cybersecurity incidents for vehicles and their ecosystem should be applied, too. Therefore, we propose a novel architecture for a Vehicle Security Operations Center (VSOC) in a Cooperative, Connected, and Automated Mobility (CCAM) environment. %The architecture consists of four components: an E-box to collect events, a D-box to hold relevant data, an A-box to analyze collected information, and an R-box to apply appropriate reactions to incidents and identified anomalies. To allow participants to consume relevant information, the Vehicle Security Operations Center provides an API to send data to the Vehicle Security Operations Center and participate as a subscriber (i.e., receive data from the Vehicle Security Operations Center). ...

The Bavarian State Ministry of Science and the Arts published a postdoc funding opportunity. The funding includes a fully funded postdoc position plus additional resources for the project at a German university. I am happy to announce that the Bavarian State Ministry of Science and the Arts funded my project proposal for AI-Driven Digital Forensics! I will start with the project on January 1st, 2024, at the Friedrich-Alexander-University Erlangen-Nürnberg within the research group of Prof. Dr. Felix Freiling. The project is funded for 2-4 years. I am very happy for this opportunity. It allows me to continue my research efforts in an awesome research group. I am particularly happy to continue to work at the institute where I know from my PhD. ...

ARES 2024 publication On July 30th, 2024 one of my co-workers Julian will present our work on the security of Battery Management Systems (BMS) at the ARES ‘24 conference in Vienna. You can find the publication here: https://dl.acm.org/doi/abs/10.1145/3664476.3671010 Abstract Lithium-ion batteries are becoming essential vehicle components with the ongoing shift to electric vehicles. Battery management systems manage these batteries. Typically, battery management systems used to be placed deep within the vehicle architecture, away from external interfaces. However, with increasing connectivity to backend systems, e.g., to improve monitoring battery properties and optimize charging, battery management systems have moved closer to the attack surface, increasing security risks. Also, batteries will soon be reused in so-called second life applications, e.g., as an energy storage system in a private home. While conventional methods involve removing the battery and reusing it with a new battery management system, modern methods retain the original system. Though security controls exist for first and second life applications, there is a lack of research on the transition phase. This paper analyzes the phase of transferring the battery management system from the first to the second life of particular relevance for security, privacy, and intellectual property. We try to close this research gap by analyzing the security aspects of a battery management system life cycle and its altering system environment. We are defining the transition phase, identifying necessary activities, and providing cybersecurity needs for the transitioning of battery management systems from first to second life. ...

Guest lecture on Networks, Databases, and Cloud Computing On February 14th, 2024 I was invited by the University of Groningen to give a guest lecture. The topic addressed the basics of computer networks, the internet, databases, cloud computing. The lecture was given for the law students of the university that require basic computer knowledge for their practices as lawyers.

Dagstuhl Seminar 23242 In June 2023, I participated in a Dagstuhl Seminar (number 23242) focusing on privacy aspects in automated and self-driving vehicles. Here, I gained new insights, connected with very interesting people, and determined various followup research questions for my research areas. The report for the Dagstuhl Seminar was finally published. I am very happy with the report and new insight we gained during the seminar! Abstract of the report: This report documents the program and the outcomes of Dagstuhl Seminar 23242 “Privacy Protection of Automated and Self-Driving Vehicles”. While privacy for connected vehicles has been considered for many years, automated and autonomous vehicles (AV) technology is still in its infancy and the privacy and data protection aspects for AVs are not well addressed. Their capabilities pose new challenges to privacy protection, given the large sensor arrays that collect data in public spaces and the integration of AI technology. During the seminar, several keynote presentations highlighted the research challenges from different perspectives, i.e. legal, ethical, and technological. It was also discussed extensively why vehicles need to make dynamic assessments of trust as an enabling factor for the secure communication and data sharing with other vehicles, but without increasing any privacy risks. Then, the main objective of the seminar was to produce a research road-map to address the major road-blockers in making progress on the way to deployment of privacy protection in automated and autonomous vehicles. First, the group identified six common scenarios of Cooperative, Connected and Automated Mobility (CCAM) during development and product life-cycle, and analyzed the privacy implications for each scenario. Second, it formulated the need to have a methodology to determine the cost-benefit trade-offs between privacy and other criteria like financial, usability, or safety. Third, it identified existing tools, frameworks, and PETs, and potential modifications that are needed to support the automotive industry and automotive scenarios. Finally, the group explored the interplay between privacy and trust, by elaborating on different trust properties based on performance, on ethical aspects, and on user acceptance. ...