Posts

I am happy to announce that we will publish various research at the IARA SECURWARE 2024. Vehicle Security Operations Center for Cooperative, Connected and Automated Mobility The publication is a result of the EU-funded SELFY project. The work is a summary of the implementation of the Vehicle Security Operations Center (VSOC) we developed in the context of CCAM. Abstract of the publication Security Operations Centers (SOCs) are well established in the general IT domain. They provide IT security services, including collecting and correlating data, detecting and analyzing cybersecurity incidents, and applying dedicated reactions to such incidents. With the increasing digital capabilities of modern vehicles, appropriate reactions to cybersecurity incidents for vehicles and their ecosystem should be applied, too. Therefore, we propose a novel architecture for a Vehicle Security Operations Center (VSOC) in a Cooperative, Connected, and Automated Mobility (CCAM) environment. %The architecture consists of four components: an E-box to collect events, a D-box to hold relevant data, an A-box to analyze collected information, and an R-box to apply appropriate reactions to incidents and identified anomalies. To allow participants to consume relevant information, the Vehicle Security Operations Center provides an API to send data to the Vehicle Security Operations Center and participate as a subscriber (i.e., receive data from the Vehicle Security Operations Center). ...

The Bavarian State Ministry of Science and the Arts published a postdoc funding opportunity. The funding includes a fully funded postdoc position plus additional resources for the project at a German university. I am happy to announce that the Bavarian State Ministry of Science and the Arts funded my project proposal for AI-Driven Digital Forensics! I will start with the project on January 1st, 2024, at the Friedrich-Alexander-University Erlangen-Nürnberg within the research group of Prof. Dr. Felix Freiling. The project is funded for 2-4 years. I am very happy for this opportunity. It allows me to continue my research efforts in an awesome research group. I am particularly happy to continue to work at the institute where I know from my PhD. ...

ARES 2024 publication On July 30th, 2024 one of my co-workers Julian will present our work on the security of Battery Management Systems (BMS) at the ARES ‘24 conference in Vienna. You can find the publication here: https://dl.acm.org/doi/abs/10.1145/3664476.3671010 Abstract Lithium-ion batteries are becoming essential vehicle components with the ongoing shift to electric vehicles. Battery management systems manage these batteries. Typically, battery management systems used to be placed deep within the vehicle architecture, away from external interfaces. However, with increasing connectivity to backend systems, e.g., to improve monitoring battery properties and optimize charging, battery management systems have moved closer to the attack surface, increasing security risks. Also, batteries will soon be reused in so-called second life applications, e.g., as an energy storage system in a private home. While conventional methods involve removing the battery and reusing it with a new battery management system, modern methods retain the original system. Though security controls exist for first and second life applications, there is a lack of research on the transition phase. This paper analyzes the phase of transferring the battery management system from the first to the second life of particular relevance for security, privacy, and intellectual property. We try to close this research gap by analyzing the security aspects of a battery management system life cycle and its altering system environment. We are defining the transition phase, identifying necessary activities, and providing cybersecurity needs for the transitioning of battery management systems from first to second life. ...

Guest lecture on Networks, Databases, and Cloud Computing On February 14th, 2024 I was invited by the University of Groningen to give a guest lecture. The topic addressed the basics of computer networks, the internet, databases, cloud computing. The lecture was given for the law students of the university that require basic computer knowledge for their practices as lawyers.

Dagstuhl Seminar 23242 In June 2023, I participated in a Dagstuhl Seminar (number 23242) focusing on privacy aspects in automated and self-driving vehicles. Here, I gained new insights, connected with very interesting people, and determined various followup research questions for my research areas. The report for the Dagstuhl Seminar was finally published. I am very happy with the report and new insight we gained during the seminar! Abstract of the report: This report documents the program and the outcomes of Dagstuhl Seminar 23242 “Privacy Protection of Automated and Self-Driving Vehicles”. While privacy for connected vehicles has been considered for many years, automated and autonomous vehicles (AV) technology is still in its infancy and the privacy and data protection aspects for AVs are not well addressed. Their capabilities pose new challenges to privacy protection, given the large sensor arrays that collect data in public spaces and the integration of AI technology. During the seminar, several keynote presentations highlighted the research challenges from different perspectives, i.e. legal, ethical, and technological. It was also discussed extensively why vehicles need to make dynamic assessments of trust as an enabling factor for the secure communication and data sharing with other vehicles, but without increasing any privacy risks. Then, the main objective of the seminar was to produce a research road-map to address the major road-blockers in making progress on the way to deployment of privacy protection in automated and autonomous vehicles. First, the group identified six common scenarios of Cooperative, Connected and Automated Mobility (CCAM) during development and product life-cycle, and analyzed the privacy implications for each scenario. Second, it formulated the need to have a methodology to determine the cost-benefit trade-offs between privacy and other criteria like financial, usability, or safety. Third, it identified existing tools, frameworks, and PETs, and potential modifications that are needed to support the automotive industry and automotive scenarios. Finally, the group explored the interplay between privacy and trust, by elaborating on different trust properties based on performance, on ethical aspects, and on user acceptance. ...

37c3 talk I was able to share me insight on automotive digital forensics at the 37c3 in Hamburg. The video is coming soon. It will be published on media.ccc.de. Link to the slides Abstract The importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem. In this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts’ significant challenges. ...

Defense and detection in depth I have given a presentation at the Ninth EU MITRE ATT&CK® Community Workshop June 2, 2022 on this topic. Recordings are not available. However, you can find the presentation on the workshop website. The MITRE ATT&CK™ framework is used by SOCs (Security Operation Center), CERTs (Computer Emergency Response Team), and various other security teams in different organizations. It enables the description of tactics and techniques of various threats. The framework gives organizations the ability to determine an attacker’s current position in their attack and predict possible future moves. In addition, several tools use MITRE ATT&CK™ to provide a common vocabulary and naming of tactics and techniques. ...

Automotive Forensics - A Hands-on Showcase Abstract Modern vehicles are increasingly part of automotive forensics investigations. In addition, modern vehicles are getting more complex and connected at the same time. So there should be enough data that we can use in investigations right? Well, its not that easy! In this tutorial, I will present automotive, digital forensics, and automotive digital forensic fundamentals. We will require those to solve and actual case. Yes, we will conduct a forensic investigation together! In this case, we will go through all options while analysing evidence items that got handed to us as automotive forensic investigators. ...

Identification of Automotive Digital Forensics Stakeholders Abstract New technologies and features emerging in modern vehicles are widening the attack surface for malicious tampering. As a result, security incidents including vehicles are on the rise. Automotive digital forensics investigations allow resolving such security incidents. This paper presents a stakeholder-based reference model for automotive digital forensics. It is essential to focus on stakeholders to provide the best possible automotive digital forensics investigation for them. We identified twelve distinct stakeholders relevant to automotive digital forensics and assigned them to the vehicle life-cycle’s relevant phases. Furthermore, the stakeholders’ questions for forensics investigations and their resources get analyzed. We created a Venn diagram to highlight differences and similarities between the stakeholders. ...

Structured methodology and survey to evaluate data completeness in automotive digital forensics Abstract The collection and analysis of potential evidence in digital forensic investigations is a challenging task that made its arrival in the automotive domain. It is accompanied by increasingly complex in-vehicle components with high diversity in used technologies and a wide range of external interconnections — which raises the question of what sources of information in which formats are even available for any analysis. The main contribution of this paper is an answer to this question as well as a cross-domain methodology to validate the completeness of the results in a structured way. We introduce a three-step process. It starts with a brainstorming session to create an initial basis of knowledge in a specific area of research. In a second step, system archaeology analyses are employed to establish an advanced knowledge base stemming from design documents and similar resources. The second step widens and deepens the knowledge and provides means to evaluate the quality of the brainstorming session results. The third step establishes expert analyses. Relevant automotive digital forensics stakeholders (e.g., OEMs, suppliers, etc.) were interviewed to collect information from expert groups and evaluate both initial phases. Based on this analytical, syntactic, inductive, and systematic research method, we offer a complete perspective for a specific area of research. The presented methodology is implemented to identify a complete set of data formats in automotive digital forensics. We conducted an online survey to evaluate data formats and tools in digital forensics with 56 experts participating and identified a total of 60 different data formats used in this domain. ...