Publications


2021

  • T. Haugg, M. F. Soltani, Timo Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Simulation-based Evaluation of a Synchronous Transaction Model for Time-Sensitive Software-Defined Networks,” in Proceedings of the 8th International OMNeT++ Community Summit 2021, 2021.
    [Bibtex] [Abstract] [Slides] [External Link]
    @InProceedings{ hshmk-ssttn-21,
    author = {Tobias Haugg and Mohammad Fazel Soltani and Timo
    H{\"a}ckel and Philipp Meyer and Franz Korf and Thomas C.
    Schmidt},
    title = {{Simulation-based Evaluation of a Synchronous Transaction
    Model for Time-Sensitive Software-Defined Networks}},
    booktitle = {Proceedings of the 8th International OMNeT++ Community
    Summit 2021},
    month = oct,
    year = 2021,
    url = {https://arxiv.org/abs/2110.00236},
    eprinttype = {arxiv},
    eprint = {2110.00236},
    abstract = {Real-time networks based on Ethernet require robust
    quality-of-service for time-critical traffic. The
    Time-Sensitive Networking (TSN) collection of standards
    enables this in real-time environments like vehicle
    on-board networks. Runtime reconfigurations in TSN must
    respect the deadlines of real-time traffic.
    Software-Defined Networking (SDN) moves the control plane
    of network devices to the SDN controller, making these
    networks programmable. This allows reconfigurations from a
    central point in the network. In this work, we present a
    transactional model for network reconfigurations that are
    synchronously executed in all network devices. We evaluate
    its performance in a case study against non-transactional
    reconfigurations and show that synchronous transactions
    enable consistency for reconfigurations in TSN without
    increased latencies for real-time frames. },
    langid = {english},
    archiveprefix = {arXiv},
    primaryclass = {cs.NI}
    }
    Real-time networks based on Ethernet require robust quality-of-service for time-critical traffic. The Time-Sensitive Networking (TSN) collection of standards enables this in real-time environments like vehicle on-board networks. Runtime reconfigurations in TSN must respect the deadlines of real-time traffic. Software-Defined Networking (SDN) moves the control plane of network devices to the SDN controller, making these networks programmable. This allows reconfigurations from a central point in the network. In this work, we present a transactional model for network reconfigurations that are synchronously executed in all network devices. We evaluate its performance in a case study against non-transactional reconfigurations and show that synchronous transactions enable consistency for reconfigurations in TSN without increased latencies for real-time frames.
  • [DOI] S. Reider, P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “Integration realer Angriffe in simulierte Echtzeit- Ethernet-Netzwerke,” in Echtzeit 2020, Wiesbaden, 2021, p. 51–60.
    [Bibtex] [Abstract]
    @InProceedings{ rmhks-irasn-21,
    author = {Sandra Reider AND Philipp Meyer AND Timo H{\"a}ckel AND
    Franz Korf AND Thomas C. Schmidt},
    title = {{Integration realer Angriffe in simulierte Echtzeit-
    Ethernet-Netzwerke}},
    booktitle = {Echtzeit 2020},
    month = jan,
    year = 2021,
    pages = {51--60},
    publisher = {Springer Vieweg},
    address = {Wiesbaden},
    isbn = {978-3-658-32818-4},
    doi = {10.1007/978-3-658-32818-4_6},
    abstract = {Ethernet wird zunehmend Bestandteil moderner Fahrzeugnetze
    und bildet die aussichtsreichste Technologie f{\"u}r
    k{\"u}nftige Hochgeschwindigkeits-Backbones im Auto.
    "Connected Vehicles" {\"o}ffnen gleichzeitig ihre internen
    Fahrzeugnetzwerke nach au{\ss}en und erm{\"o}glichen so
    eine Vielzahl neuer Angriffe, f{\"u}r die neue
    Sicherheitskonzepte entwickelt werden m{\"u}ssen.
    Sicherheitskonzepte und -mechanismen vor ihrer
    Einf{\"u}hrung in einer Simulationsumgebungen zu testen,
    ist flexibel, schnell und kosteng{\"u}nstig. In dieser
    Arbeit stellen wir ein Konzept vor, mit dem realer
    Angriffsverkehr aufgezeichnet und in eine
    Simulationsumgebung eingespielt werden kann. Dieses
    evaluieren wir am Beispiel eines DoS-Angriffs und
    k{\"o}nnen zeigen, dass die erwarteten Auswirkungen des
    abgespielten Angriffs in der Simulation wiedergegeben werden.},
    booksubtitle = {Kommunikationssicherheit im Internet der Dinge (IoT)},
    series = {Informatik aktuell},
    langid = {ngerman}
    }
    Ethernet wird zunehmend Bestandteil moderner Fahrzeugnetze und bildet die aussichtsreichste Technologie für künftige Hochgeschwindigkeits-Backbones im Auto. “Connected Vehicles” öffnen gleichzeitig ihre internen Fahrzeugnetzwerke nach außen und ermöglichen so eine Vielzahl neuer Angriffe, für die neue Sicherheitskonzepte entwickelt werden müssen. Sicherheitskonzepte und -mechanismen vor ihrer Einführung in einer Simulationsumgebungen zu testen, ist flexibel, schnell und kostengünstig. In dieser Arbeit stellen wir ein Konzept vor, mit dem realer Angriffsverkehr aufgezeichnet und in eine Simulationsumgebung eingespielt werden kann. Dieses evaluieren wir am Beispiel eines DoS-Angriffs und können zeigen, dass die erwarteten Auswirkungen des abgespielten Angriffs in der Simulation wiedergegeben werden.

2020

  • [PDF] [DOI] P. Meyer, T. Häckel, F. Langer, L. Stahlbock, J. Decker, S. A. Eckhardt, F. Korf, T. C. Schmidt, and F. Schüppel, “Demo: A Security Infrastructure for Vehicular Information Using SDN, Intrusion Detection, and a Defense Center in the Cloud,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
    [Bibtex] [Abstract]
    @InProceedings{mhlsd-dsivi-20,
    author = {Philipp Meyer and Timo H{\"a}ckel and Falk Langer and Lukas Stahlbock and Jochen Decker and Sebastian A. Eckhardt and Franz Korf and Thomas C. Schmidt and Fabian Sch{\"u}ppel},
    booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
    title = {{Demo: A Security Infrastructure for Vehicular Information Using {SDN,} Intrusion Detection, and a Defense Center in the Cloud}},
    year = {2020},
    publisher = {IEEE Press},
    address = {Piscataway, NJ, USA},
    location = {Online},
    month = dec,
    abstract = {Vehicular on-board communication is the basis for advanced driver
    assistance, autonomous driving, over-the-air updates, and many more. If
    unprotected, this infrastructure is vulnerable to manipulation and various
    attacks. As any networked system, future connected cars require robust
    protection, monitoring, and incidence management against cyber-attacks
    during their lifetime. We demonstrate an infrastructure that secures the
    in-vehicle communication system and enables the security management of an
    entire vehicle fleet. Our prototype - a real-world production car - uses an
    Ethernet backbone network. It implements protective measures using
    software-defined networking, anomaly detection technologies, and is
    connected to a cyber defense center in the cloud. We demonstrate how this
    combination can reliably detect and mitigate common attacks on the vehicle
    - including its legacy components.},
    doi={10.1109/VNC51378.2020.9318351},
    }
    Vehicular on-board communication is the basis for advanced driver assistance, autonomous driving, over-the-air updates, and many more. If unprotected, this infrastructure is vulnerable to manipulation and various attacks. As any networked system, future connected cars require robust protection, monitoring, and incidence management against cyber-attacks during their lifetime. We demonstrate an infrastructure that secures the in-vehicle communication system and enables the security management of an entire vehicle fleet. Our prototype – a real-world production car – uses an Ethernet backbone network. It implements protective measures using software-defined networking, anomaly detection technologies, and is connected to a cyber defense center in the cloud. We demonstrate how this combination can reliably detect and mitigate common attacks on the vehicle – including its legacy components.
  • [PDF] [DOI] T. Häckel, A. Schmidt, P. Meyer, F. Korf, and T. C. Schmidt, “Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
    [Bibtex] [Abstract] [Slides]
    @InProceedings{hsmks-sicfs-20,
    author = {Timo H{\"a}ckel and Anja Schmidt and Philipp Meyer and Franz Korf and Thomas C. Schmidt},
    booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
    title = {{Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security}},
    year = {2020},
    publisher = {IEEE Press},
    address = {Piscataway, NJ, USA},
    location = {Online},
    month = dec,
    abstract = {Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs)
    via domain busses. A gateway forwards messages between these domains.
    Automotive Ethernet emerges as a flat, high-speed backbone technology for
    IVNs that carries the various control flows within Ethernet frames.
    Recently, Software-Defined Networking (SDN) has been identified as a useful
    building block of the vehicular domain, as it allows the differentiation of
    packets based on all header fields and thus can isolate unrelated control
    flows.
    In this work, we systematically explore the different strategies for
    integrating automotive control flows in switched Ether-networks and analyze
    their security impact for a software-defined IVN. We discuss how control
    flow identifiers can be embedded on different layers resulting in a range
    of solutions from fully exposed embedding to deep encapsulation. We
    evaluate these strategies in a realistic IVN based on the communication
    matrix of a production grade vehicle, which we map into a modern Ethernet
    topology. We find that visibility of automotive control flows within packet
    headers is essential for the network infrastructure to enable isolation and
    access control. With an exposed embedding, the SDN backbone can establish
    and survey trust zones within the IVN and largely reduce the attack surface
    of connected cars. An exposed embedding strategy also minimizes
    communication expenses.},
    doi={10.1109/VNC51378.2020.9318372},
    }
    Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.
  • [PDF] [DOI] R. Rotermund, T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Requirements Analysis and Performance Evaluation of SDN Controllers for Automotive Use Cases,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
    [Bibtex] [Abstract] [Slides]
    @InProceedings{rhmks-rapesc-20,
    author = {Randolf Rotermund and Timo H{\"a}ckel and Philipp Meyer and Franz Korf and Thomas C. Schmidt},
    booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
    title = {{Requirements Analysis and Performance Evaluation of {SDN} Controllers for Automotive Use Cases}},
    year = {2020},
    publisher = {IEEE Press},
    address = {Piscataway, NJ, USA},
    location = {Online},
    month = dec,
    abstract = {Future vehicles will be more connected than ever leading to increased dynamics in vehicle on-board networks.
    Software-Defined Networking (SDN) is a promising technology to meet the emerging needs for flexibility and security in future automotive use cases.
    Although SDN controllers have been evaluated in data center networks, to the best of our knowledge there is a lack of an analysis and performance evaluation of SDN controllers for automotive use cases.
    In this work we provide a detailed requirements analysis for the use of SDN controllers in cars.
    Based on this requirements analysis we choose existing controller implementations for a performance analysis.
    Finally, we analyze automotive specific use cases for SDN controllers with controller application examples and show how these can fulfill additional requirements.
    Our evaluation provides a helpful basis for the design and development of SDN controllers that can be used in vehicles.},
    doi={10.1109/VNC51378.2020.9318378},
    }
    Future vehicles will be more connected than ever leading to increased dynamics in vehicle on-board networks. Software-Defined Networking (SDN) is a promising technology to meet the emerging needs for flexibility and security in future automotive use cases. Although SDN controllers have been evaluated in data center networks, to the best of our knowledge there is a lack of an analysis and performance evaluation of SDN controllers for automotive use cases. In this work we provide a detailed requirements analysis for the use of SDN controllers in cars. Based on this requirements analysis we choose existing controller implementations for a performance analysis. Finally, we analyze automotive specific use cases for SDN controllers with controller application examples and show how these can fulfill additional requirements. Our evaluation provides a helpful basis for the design and development of SDN controllers that can be used in vehicles.
  • [PDF] F. Langer, F. Schüppel, and L. Stahlbock, “Incident Response for Vehicular Systems – More than online Updates,” in 18th escar Europe : The World’s Leading Automotive Cyber Security Conference, , 2020.
    [Bibtex] [Abstract] [Slides] [External Link]
    @incollection{LangerSchueppelStahlbock2020,
    author = {Falk Langer and Fabian Sch{\"u}ppel and Lukas Stahlbock},
    title = {{Incident Response for Vehicular Systems – More than online Updates}},
    booktitle = {18th escar Europe : The World's Leading Automotive Cyber Security Conference},
    year = {2020},
    url = {https://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/searchtype/collection/id/16901/docId/7553/start/0/rows/10},
    abstract = {Cybersecurity incidence response is an important building block for the safe operation of vehicles over their lifetime. The systems in need of protection within the vehicle are vulnerable to attacks over the internet. The strict safety requirements, complexity and large number of vehicle variants on the other hand lead to the issue, that in the case of a discovered vulnerability, developing an update fixing said vulnerability will take a long time – most likely making damage by attacks a certainty.
    Within this paper, we show mechanisms to speed up the incidence response. For this reason two new levels of responses are proposed, which allow a reaction within minutes without impairing the requirement of safe and reliable operation.},
    }
    Cybersecurity incidence response is an important building block for the safe operation of vehicles over their lifetime. The systems in need of protection within the vehicle are vulnerable to attacks over the internet. The strict safety requirements, complexity and large number of vehicle variants on the other hand lead to the issue, that in the case of a discovered vulnerability, developing an update fixing said vulnerability will take a long time – most likely making damage by attacks a certainty. Within this paper, we show mechanisms to speed up the incidence response. For this reason two new levels of responses are proposed, which allow a reaction within minutes without impairing the requirement of safe and reliable operation.
  • [PDF] [DOI] P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control,” in 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall), Piscataway, NJ, USA, 2020, p. 1–5.
    [Bibtex] [Abstract] [Slides]
    @InProceedings{ mhks-nadci-20,
    author = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
    Thomas C. Schmidt},
    title = {{Network Anomaly Detection in Cars based on Time-Sensitive
    Ingress Control}},
    booktitle = {2020 IEEE 92nd Vehicular Technology Conference
    (VTC2020-Fall)},
    location = {Online},
    month = nov,
    year = 2020,
    pages = {1--5},
    publisher = {IEEE Press},
    address = {Piscataway, NJ, USA},
    doi = {10.1109/VTC2020-Fall49728.2020.9348746},
    abstract = {Connected cars need robust protection against network
    attacks. Network anomaly detection and prevention on board
    will be particularly fast and reliable when situated on the
    lowest possible layer. Blocking traffic on a low layer,
    however, causes severe harm if triggered erroneously by
    falsely positive alarms. In this paper, we introduce and
    evaluate a concept for detecting anomalous traffic using
    the ingress control of Time-Sensitive Networking (TSN). We
    build on the idea that already defined TSN traffic
    descriptors for in-car network configurations are rigorous,
    and hence any observed violation should not be a false
    positive. Also, we use Software-Defined Networking (SDN)
    technologies to collect and evaluate ingress anomaly
    reports, to identify the generating flows, and to ban them
    from the network. We evaluate our concept by simulating a
    real-world zonal network topology of a future car. Our
    findings confirm that abnormally behaving individual flows
    can indeed be reliably segregated with zero false
    positives.},
    langid = {english}
    }
    Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.

2019

  • [DOI] T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet,” in Proceedings of the 6th International OMNeT++ Community Summit 2019, 2019, p. 24–31.
    [Bibtex] [Abstract] [External Link]
    @InProceedings{ hmks-smsdn-19,
    author = {Timo H{\"a}ckel and Philipp Meyer and Franz Korf and
    Thomas C. Schmidt},
    editor = {Meyo Zongo and Antonio Virdis and Vladimir Vesely and
    Zeynep Vatandas and Asanga Udugama and Koojana Kuladinithi
    and Michael Kirsche and Anna F{\"o}rster},
    title = {{SDN4CoRE: A Simulation Model for Software-Defined
    Networking for Communication over Real-Time Ethernet}},
    booktitle = {Proceedings of the 6th International OMNeT++ Community
    Summit 2019},
    month = dec,
    year = 2019,
    pages = {24--31},
    volume = {66},
    publisher = {EasyChair},
    url = {https://easychair.org/publications/paper/1TnZ},
    issn = {2398-7340},
    doi = {10.29007/w71t},
    eprinttype = {arxiv},
    eprint = {1908.09649},
    abstract = {Ethernet has become the next standard for automotive and
    industrial automation networks. Standard extensions such as
    IEEE 802.1Q Time-Sensitive Networking (TSN) have been
    proven to meet the real-time and robustness requirements of
    these environments. Augmenting the TSN switching by
    Software- Defined Networking functions promises additional
    benefits: A programming option for TSN devices can add much
    value to the resilience, security, and adaptivity of the
    environment. Network simulation allows to model highly
    complex networks before assembly and is an essential
    process for the design and validation of future networks.
    Still, a simulation environment that supports programmable
    real-time networks is missing. This paper fills the gap by
    sharing our simulation model for Software-Defined
    Networking for Communication over Real-Time Ethernet
    (SDN4CoRE) and present initial results in modeling
    programmable real-time networks. In a case study, we show
    that SDN4CoRE can simulate complex programmable real-time
    networks and allows for testing and verifying the
    programming of real-time devices.},
    series = {EPiC Series in Computing},
    bibsource = {EasyChair, https://easychair.org},
    langid = {english}
    }
    Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software- Defined Networking functions promises additional benefits: A programming option for TSN devices can add much value to the resilience, security, and adaptivity of the environment. Network simulation allows to model highly complex networks before assembly and is an essential process for the design and validation of future networks. Still, a simulation environment that supports programmable real-time networks is missing. This paper fills the gap by sharing our simulation model for Software-Defined Networking for Communication over Real-Time Ethernet (SDN4CoRE) and present initial results in modeling programmable real-time networks. In a case study, we show that SDN4CoRE can simulate complex programmable real-time networks and allows for testing and verifying the programming of real-time devices.
  • [PDF] [DOI] M. Cakir, T. Häckel, S. Reider, P. Meyer, F. Korf, and T. C. Schmidt, “A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks,” in 2019 IEEE Vehicular Networking Conference (VNC), Piscataway, NJ, USA, 2019.
    [Bibtex] [Abstract] [Slides] [External Link]
    @InProceedings{chrmk-qosso-19,
    author = {Mehmet Cakir AND Timo H{\"a}ckel AND Sandra Reider AND Philipp Meyer AND Franz Korf AND Thomas C. Schmidt},
    booktitle = {2019 IEEE Vehicular Networking Conference (VNC)},
    title = {{A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks}},
    year = {2019},
    address = {Piscataway, NJ, USA},
    month = dec,
    publisher = {IEEE Press},
    abstract = {Service-Oriented Architecture (SOA) is about to enter
    automotive networks based on the SOME/IP middleware and an
    Ethernet high-bandwidth communication layer. It promises to
    meet the growing demands on connectivity and flexibility
    for software components in modern cars. Largely
    heterogeneous service requirements and time-sensitive
    network functions make Quality-of-Service (QoS) agreements
    a vital building block within future automobiles. Existing
    middleware solutions, however, do not allow for a dynamic
    selection of QoS. This paper presents a service-oriented
    middleware for QoS aware communication in future cars. We
    contribute a protocol for dynamic QoS negotiation along
    with a multi-protocol stack, which supports the different
    communication classes as derived from a thorough
    requirements analysis. We validate the feasibility of our
    approach in a case study and evaluate its performance in a
    simulation model of a realistic in-car network. Our
    findings indicate that QoS aware communication can indeed
    meet the requirements, while the impact of the service
    negotiations and setup times of the network remain
    acceptable provided the cross-traffic during negotiations
    stays below 70\% of the available bandwidth.},
    doi = {10.1109/VNC48660.2019.9062794},
    eprint = {1911.01805},
    eprinttype = {arxiv},
    langid = {english},
    location = {Los Angeles, California, USA},
    url = {https://ieeexplore.ieee.org/document/9062794},
    }
    Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions make Quality-of-Service (QoS) agreements a vital building block within future automobiles. Existing middleware solutions, however, do not allow for a dynamic selection of QoS. This paper presents a service-oriented middleware for QoS aware communication in future cars. We contribute a protocol for dynamic QoS negotiation along with a multi-protocol stack, which supports the different communication classes as derived from a thorough requirements analysis. We validate the feasibility of our approach in a case study and evaluate its performance in a simulation model of a realistic in-car network. Our findings indicate that QoS aware communication can indeed meet the requirements, while the impact of the service negotiations and setup times of the network remain acceptable provided the cross-traffic during negotiations stays below 70\% of the available bandwidth.
  • [DOI] P. Meyer, F. Korf, T. Steinbach, and T. C. Schmidt, “Simulation of Mixed Critical In-vehicular Networks,” in Recent Advances in Network Simulation, Springer, 2019, p. 317–345.
    [Bibtex] [Abstract] [External Link]
    @incollection{mkss-smcin-19,
    title={Simulation of Mixed Critical In-vehicular Networks},
    author={Meyer, Philipp and Korf, Franz and Steinbach, Till and Schmidt, Thomas C},
    booktitle={Recent Advances in Network Simulation},
    pages={317--345},
    year={2019},
    publisher={Springer},
    isbn = {978-3-030-12842-5},
    doi = {10.1007/978-3-030-12842-5_10},
    eprinttype = {arxiv},
    eprint = {1808.03081},
    url = {https://link.springer.com/chapter/10.1007/978-3-030-12842-5_10},
    abstract = {Future automotive applications ranging from advanced driver assistance to autonomous driving will largely increase demands on in-vehicular networks. Data flows of high bandwidth or low latency requirements, but in particular many additional communication relations will introduce a new level of complexity to the in-car communication system. It is expected that future communication backbones which interconnect sensors and actuators with Electronic Control Units (ECUs) in cars will be built on Ethernet technologies. However, signaling from different application domains demands for network services of tailored attributes, including real-time transmission protocols as defined in the Time-Sensitive Networking (TSN) Ethernet extensions. These Quality of Service (QoS) constraints will increase network complexity even further. Event-based simulation is a key technology to master the challenges of an in-car network design. This chapter introduces the domain-specific aspects and simulation models for in-vehicular networks and presents an overview of the car-centric network design process. Starting from a domain-specific description language, we cover the corresponding simulation models with their workflows and apply our approach to a related case study for an in-car network of a premium car.}
    }
    Future automotive applications ranging from advanced driver assistance to autonomous driving will largely increase demands on in-vehicular networks. Data flows of high bandwidth or low latency requirements, but in particular many additional communication relations will introduce a new level of complexity to the in-car communication system. It is expected that future communication backbones which interconnect sensors and actuators with Electronic Control Units (ECUs) in cars will be built on Ethernet technologies. However, signaling from different application domains demands for network services of tailored attributes, including real-time transmission protocols as defined in the Time-Sensitive Networking (TSN) Ethernet extensions. These Quality of Service (QoS) constraints will increase network complexity even further. Event-based simulation is a key technology to master the challenges of an in-car network design. This chapter introduces the domain-specific aspects and simulation models for in-vehicular networks and presents an overview of the car-centric network design process. Starting from a domain-specific description language, we cover the corresponding simulation models with their workflows and apply our approach to a related case study for an in-car network of a premium car.
  • [PDF] [DOI] T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Software-Defined Networks Supporting Time-Sensitive In-Vehicular Communication,” in Proc. of the IEEE 89th Vehicular Technology Conference: VTC2019-Spring, Piscataway, NJ, USA, 2019.
    [Bibtex] [Abstract] [Slides] [External Link]
    @InProceedings{ hmks-snsti-19,
    author = {Timo H{\"a}ckel and Philipp Meyer and Franz Korf and
    Thomas C. Schmidt},
    title = {{Software-Defined Networks Supporting Time-Sensitive
    In-Vehicular Communication}},
    booktitle = {Proc. of the IEEE 89th Vehicular Technology Conference:
    VTC2019-Spring},
    location = {Kuala Lumpur, Malaysia},
    month = apr,
    year = 2019,
    publisher = {IEEE Press},
    address = {Piscataway, NJ, USA},
    issn = {1090-3038},
    doi = {10.1109/VTCSpring.2019.8746473},
    url = {https://ieeexplore.ieee.org/document/8746473},
    eprinttype = {arxiv},
    eprint = {1903.08039},
    abstract = {Future in-vehicular networks will be based on Ethernet.
    The IEEE Time-Sensitive Networking (TSN) is a promising
    candidate to satisfy real-time requirements in future car
    communication. Software-Defined Networking (SDN) extends
    the Ethernet control plane with a programming option that
    can add much value to the resilience, security, and
    adaptivity of the automotive environment. In this work, we
    derive a first concept for combining Software-Defined
    Networking with Time-Sensitive Networking along with an
    initial evaluation. Our measurements are performed via a
    simulation that investigates whether an SDN architecture is
    suitable for time-critical applications in the car. Our
    findings indicate that the advanced control overhead of SDN
    can be added without a delay penalty for the TSN traffic
    when protocols are mapped properly.},
    langid = {english}
    }
    Future in-vehicular networks will be based on Ethernet. The IEEE Time-Sensitive Networking (TSN) is a promising candidate to satisfy real-time requirements in future car communication. Software-Defined Networking (SDN) extends the Ethernet control plane with a programming option that can add much value to the resilience, security, and adaptivity of the automotive environment. In this work, we derive a first concept for combining Software-Defined Networking with Time-Sensitive Networking along with an initial evaluation. Our measurements are performed via a simulation that investigates whether an SDN architecture is suitable for time-critical applications in the car. Our findings indicate that the advanced control overhead of SDN can be added without a delay penalty for the TSN traffic when protocols are mapped properly.
  • [DOI] P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “DoS Protection through Credit Based Metering – Simulation-Based Evaluation for Time-Sensitive Networking in Cars,” in Proceedings of the 6th International OMNeT++ Community Summit 2019, 2019, p. 52–59.
    [Bibtex] [Abstract] [External Link]
    @InProceedings{ mhks-dpcbm-19,
    author = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
    Thomas C. Schmidt},
    editor = {Meyo Zongo and Antonio Virdis and Vladimir Vesely and
    Zeynep Vatandas and Asanga Udugama and Koojana Kuladinithi
    and Michael Kirsche and Anna F{\"o}rster},
    title = {DoS Protection through Credit Based Metering -
    Simulation-Based Evaluation for Time-Sensitive Networking
    in Cars},
    booktitle = {Proceedings of the 6th International OMNeT++ Community
    Summit 2019},
    month = dec,
    year = 2019,
    pages = {52--59},
    volume = {66},
    publisher = {EasyChair},
    url = {https://easychair.org/publications/paper/BtKC},
    issn = {2398-7340},
    doi = {10.29007/pxrk},
    eprinttype = {arxiv},
    eprint = {1908.09646},
    abstract = {Ethernet is the most promising solution to reduce
    complexity and enhance the bandwidth in the next generation
    in-car networks. Dedicated Ethernet protocols enable the
    real-time aspects in such networks. One promising candidate
    is the IEEE 802.1Q Time-Sensitive Networking protocol
    suite. Common Ethernet technologies, however, increases the
    vulnerability of the car infrastructure as they widen the
    attack surface for many components. In this paper proposes
    an IEEE 802.1Qci based algorithm that on the one hand,
    protects against DoS attacks by metering incoming Ethernet
    frames. On the other hand, it adapts to the behavior of the
    Credit Based Shaping algorithm, which was standardized for
    Audio/Video Bridging, the predecessor of Time-Sensitive
    Networking. A simulation of this proposed Credit Based
    Metering algorithm evaluates the concept.},
    series = {EPiC Series in Computing},
    bibsource = {EasyChair, https://easychair.org},
    langid = {english}
    }
    Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Shaping algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept.
  • [DOI] F. Langer, F. Schüppel, and L. Stahlbock, “Establishing an Automotive Cyber Defense Center,” in 17th escar Europe : embedded security in cars, , 2019.
    [Bibtex] [Abstract] [External Link]
    @incollection{lss-eacdc-19,
    author = {Falk Langer and Fabian Sch{\"u}ppel and Lukas Stahlbock},
    title = {{Establishing an Automotive Cyber Defense Center}},
    booktitle = {17th escar Europe : embedded security in cars},
    doi = {10.13154/294-6652},
    year = {2019},
    url = {http://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/docId/6652},
    abstract = {As vehicles turn into human-transporting computers, more specific attention to the issue of long-term secure operation is needed. In order to prevent cyber-attacks on the fleet, monitoring the internal state of the individual vehicles’ IT-infrastructure is required.
    In this paper we provide a suggestion on how vehicles could be managed over the course of their lifetime. Establishment of an Automotive Cyber Defense Center is a key factor of ensuring the secure operation of the vehicle fleet by an OEM. Within this paper we demonstrate why establishing such a center is necessary, what kind of security operations it needs to perform and what stakeholders are involved in ensuring secure operation of public road transport.
    Since Cyber Defense Centers and the required technology are well-established in classical IT-infrastructure, we propose an architecture for the automotive domain which uses these technologies, highlighting the gaps in transitioning from operating a network to operation of a vehicle fleet.
    The most important difference being the distributed, inhomogeneous and nomadic nature of a vehicle fleet. In order to overcome this gap we provide an exemplary implementation, which aims to make security relevant information available for usage within a Cyber Defense Center, using IoT-technology.},
    langid = {english}
    }
    As vehicles turn into human-transporting computers, more specific attention to the issue of long-term secure operation is needed. In order to prevent cyber-attacks on the fleet, monitoring the internal state of the individual vehicles’ IT-infrastructure is required. In this paper we provide a suggestion on how vehicles could be managed over the course of their lifetime. Establishment of an Automotive Cyber Defense Center is a key factor of ensuring the secure operation of the vehicle fleet by an OEM. Within this paper we demonstrate why establishing such a center is necessary, what kind of security operations it needs to perform and what stakeholders are involved in ensuring secure operation of public road transport. Since Cyber Defense Centers and the required technology are well-established in classical IT-infrastructure, we propose an architecture for the automotive domain which uses these technologies, highlighting the gaps in transitioning from operating a network to operation of a vehicle fleet. The most important difference being the distributed, inhomogeneous and nomadic nature of a vehicle fleet. In order to overcome this gap we provide an exemplary implementation, which aims to make security relevant information available for usage within a Cyber Defense Center, using IoT-technology.

2018

  • [DOI] T. Steinbach, Ethernet-basierte Fahrzeugnetzwerkarchitekturen für zukünftige Echtzeitsysteme im Automobil, Wiesbaden: Springer Vieweg, 2018.
    [Bibtex] [Abstract]
    @Book{ s-ebfze-18,
    author = {Till Steinbach},
    title = {{Ethernet-basierte Fahrzeugnetzwerkarchitekturen f{\"u}r
    zuk{\"u}nftige Echtzeitsysteme im Automobil}},
    month = oct,
    year = 2018,
    publisher = {Springer Vieweg},
    address = {Wiesbaden},
    isbn = {978-3-658-23499-7},
    doi = {10.1007/978-3-658-23500-0},
    abstract = {Das Fahrzeugkommunikationsnetzwerk von Automobilen
    befindet sich derzeit in einem starken Wandel. Neue
    Anwendungen aus den Bereichen der Fahrerassistenzsysteme
    und des Infotainments sowie insbesondere das automatisierte
    und autonome Fahren haben einen weit h{\"o}heren Bedarf an
    leistungsf{\"a}higen Kommunikationsverbindungen, als die
    bisher im Automobil eingesetzten Technologien garantieren
    k{\"o}nnen. Dies gilt insbesondere f{\"u}r neue Sensorik
    wie beispielsweise Kameras, Radar und Laser-Scanner, welche
    die Umwelt mit einem hohen Detailgrad aufzeichnen und
    daf{\"u}r h{\"o}here Bandbreiten als bisherige Systeme
    {\"u}bertragen m{\"u}ssen. Echtzeit-Ethernet ist die
    favorisierte L{\"o}sung f{\"u}r die Herausforderungen
    zuk{\"u}nftiger Fahrzeugnetzwerke; es wurden jedoch, trotz
    des Bekenntnisses gro{\ss}er Automobilhersteller zu
    Automotive-Ethernet, bisher keine umfassenden und auf
    realistischen Datenverkehrsmodellen basierenden
    Architekturanalysen durchgef{\"u}hrt. Die vorliegende
    Arbeit leistet einen Beitrag zum Design und zur Bewertung
    neuer Ethernet-basierter Fahrzeugnetzwerkarchitekturen. Sie
    liefert Werkzeuge f{\"u}r die simulationsbasierte Analyse
    und Beurteilung von Netzwerkarchitekturen und evaluiert
    anhand konkreter Anwendungen, beispielsweise aus dem
    Bereich der Sensorfusion, und realistischer auf realen
    Verkehrsdaten aufbauender Szenarien m{\"o}gliche
    Netzwerkdesigns und Konfigurationen. Dabei wird auch der
    schrittweiser {\"U}bergang von Legacy-Technologien hin zu
    einem rein Echtzeit-Ethernet-basierten Fahrzeugnetzwerk
    ber{\"u}cksichtigt. Ein schrittweise Migrationspfad ist
    eine wichtige Anforderung f{\"u}r einen erfolgreichen
    Einsatz im Automobil. Auf Basis der hierbei aus
    analytischen Modellen sowie Simulationsstudien und einem
    realen Fahrzeugprototyp gewonnenen Erkenntnisse werden
    Designempfehlungen f{\"u}r die Entwicklung zuk{\"u}nftiger
    Ethernet-basierter Fahrzeugnetzwerke ausgesprochen.
    Methodisch kommt in der vorliegenden Arbeit insbesondere
    die Netzwerksimulation zum Einsatz. F{\"u}r die Bewertung
    neuer Fahrzeugnetzwerkarchitekturen werden Werkzeuge zur
    Simulation und Analyse zuk{\"u}nftiger heterogener
    Echtzeit-Ethernet-Backbones entwickelt. Damit stellt die
    Arbeit eine leistungsf{\"a}hige
    Open-Source-Simulationsumgebung f{\"u}r die Analyse
    zuk{\"u}nftiger Fahrzeugnetzwerke bereit, welche in
    Forschung und Entwicklung frei verwendet und
    weiterentwickelt werden kann. Mithilfe eines
    Prototypfahrzeugs werden die in der Simulation sowie in
    analytischen Modellen untersuchten Aspekte in einer realen
    Fahrzeugumgebung {\"u}berpr{\"u}ft. Die Untersuchung im
    Prototyp weist die Realisierbarkeit der entwickelten
    Ans{\"a}tze nach und zeigt auf, an welcher Stelle
    Herausforderungen und Handlungsbedarfe bei der
    Implementierung der entwickelten Konzepte bestehen. Die
    Ergebnisse der Untersuchung f{\"u}hren zu
    Designempfehlungen und Best Practices f{\"u}r
    zuk{\"u}nftige Backbone-Netzwerke im Automobil. Diese
    umfassen unter anderem das Kommunikationsdesign, den
    Einsatz von Echtzeitverkehrsklassen, die Optimierung von
    Hintergrunddatenverkehr und die Entwicklung geeigneter
    Netzwerktopologien. Es wird gezeigt, dass sich die im
    Backbone-Netzwerk erreichbaren Kennzahlen unter Einhaltung
    der Designempfehlungen um ein Vielfaches verbessern lassen.},
    langid = {ngerman}
    }
    Das Fahrzeugkommunikationsnetzwerk von Automobilen befindet sich derzeit in einem starken Wandel. Neue Anwendungen aus den Bereichen der Fahrerassistenzsysteme und des Infotainments sowie insbesondere das automatisierte und autonome Fahren haben einen weit höheren Bedarf an leistungsfähigen Kommunikationsverbindungen, als die bisher im Automobil eingesetzten Technologien garantieren können. Dies gilt insbesondere für neue Sensorik wie beispielsweise Kameras, Radar und Laser-Scanner, welche die Umwelt mit einem hohen Detailgrad aufzeichnen und dafür höhere Bandbreiten als bisherige Systeme übertragen müssen. Echtzeit-Ethernet ist die favorisierte Lösung für die Herausforderungen zukünftiger Fahrzeugnetzwerke; es wurden jedoch, trotz des Bekenntnisses großer Automobilhersteller zu Automotive-Ethernet, bisher keine umfassenden und auf realistischen Datenverkehrsmodellen basierenden Architekturanalysen durchgeführt. Die vorliegende Arbeit leistet einen Beitrag zum Design und zur Bewertung neuer Ethernet-basierter Fahrzeugnetzwerkarchitekturen. Sie liefert Werkzeuge für die simulationsbasierte Analyse und Beurteilung von Netzwerkarchitekturen und evaluiert anhand konkreter Anwendungen, beispielsweise aus dem Bereich der Sensorfusion, und realistischer auf realen Verkehrsdaten aufbauender Szenarien mögliche Netzwerkdesigns und Konfigurationen. Dabei wird auch der schrittweiser Übergang von Legacy-Technologien hin zu einem rein Echtzeit-Ethernet-basierten Fahrzeugnetzwerk berücksichtigt. Ein schrittweise Migrationspfad ist eine wichtige Anforderung für einen erfolgreichen Einsatz im Automobil. Auf Basis der hierbei aus analytischen Modellen sowie Simulationsstudien und einem realen Fahrzeugprototyp gewonnenen Erkenntnisse werden Designempfehlungen für die Entwicklung zukünftiger Ethernet-basierter Fahrzeugnetzwerke ausgesprochen. Methodisch kommt in der vorliegenden Arbeit insbesondere die Netzwerksimulation zum Einsatz. Für die Bewertung neuer Fahrzeugnetzwerkarchitekturen werden Werkzeuge zur Simulation und Analyse zukünftiger heterogener Echtzeit-Ethernet-Backbones entwickelt. Damit stellt die Arbeit eine leistungsfähige Open-Source-Simulationsumgebung für die Analyse zukünftiger Fahrzeugnetzwerke bereit, welche in Forschung und Entwicklung frei verwendet und weiterentwickelt werden kann. Mithilfe eines Prototypfahrzeugs werden die in der Simulation sowie in analytischen Modellen untersuchten Aspekte in einer realen Fahrzeugumgebung überprüft. Die Untersuchung im Prototyp weist die Realisierbarkeit der entwickelten Ansätze nach und zeigt auf, an welcher Stelle Herausforderungen und Handlungsbedarfe bei der Implementierung der entwickelten Konzepte bestehen. Die Ergebnisse der Untersuchung führen zu Designempfehlungen und Best Practices für zukünftige Backbone-Netzwerke im Automobil. Diese umfassen unter anderem das Kommunikationsdesign, den Einsatz von Echtzeitverkehrsklassen, die Optimierung von Hintergrunddatenverkehr und die Entwicklung geeigneter Netzwerktopologien. Es wird gezeigt, dass sich die im Backbone-Netzwerk erreichbaren Kennzahlen unter Einhaltung der Designempfehlungen um ein Vielfaches verbessern lassen.