Publications – SecVI

2021

T. Haugg, M. F. Soltani, Timo Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Simulation-based Evaluation of a Synchronous Transaction Model for Time-Sensitive Software-Defined Networks,” in Proceedings of the 8th International OMNeT++ Community Summit 2021, 2021.
[Bibtex] [Abstract] [Slides] [External Link]

@InProceedings{ hshmk-ssttn-21,
author = {Tobias Haugg and Mohammad Fazel Soltani and Timo
H{\"a}ckel and Philipp Meyer and Franz Korf and Thomas C.
Schmidt},
title = {{Simulation-based Evaluation of a Synchronous Transaction
Model for Time-Sensitive Software-Defined Networks}},
booktitle = {Proceedings of the 8th International OMNeT++ Community
Summit 2021},
month = oct,
year = 2021,
url = {https://arxiv.org/abs/2110.00236},
eprinttype = {arxiv},
eprint = {2110.00236},
abstract = {Real-time networks based on Ethernet require robust
quality-of-service for time-critical traffic. The
Time-Sensitive Networking (TSN) collection of standards
enables this in real-time environments like vehicle
on-board networks. Runtime reconfigurations in TSN must
respect the deadlines of real-time traffic.
Software-Defined Networking (SDN) moves the control plane
of network devices to the SDN controller, making these
networks programmable. This allows reconfigurations from a
central point in the network. In this work, we present a
transactional model for network reconfigurations that are
synchronously executed in all network devices. We evaluate
its performance in a case study against non-transactional
reconfigurations and show that synchronous transactions
enable consistency for reconfigurations in TSN without
increased latencies for real-time frames. },
langid = {english},
archiveprefix = {arXiv},
primaryclass = {cs.NI}
}

Real-time networks based on Ethernet require robust quality-of-service for time-critical traffic. The Time-Sensitive Networking (TSN) collection of standards enables this in real-time environments like vehicle on-board networks. Runtime reconfigurations in TSN must respect the deadlines of real-time traffic. Software-Defined Networking (SDN) moves the control plane of network devices to the SDN controller, making these networks programmable. This allows reconfigurations from a central point in the network. In this work, we present a transactional model for network reconfigurations that are synchronously executed in all network devices. We evaluate its performance in a case study against non-transactional reconfigurations and show that synchronous transactions enable consistency for reconfigurations in TSN without increased latencies for real-time frames.

S. Reider, P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “Integration realer Angriffe in simulierte Echtzeit- Ethernet-Netzwerke,” in Echtzeit 2020, Wiesbaden, 2021, p. 51–60.
[Bibtex] [Abstract]

@InProceedings{ rmhks-irasn-21,
author = {Sandra Reider AND Philipp Meyer AND Timo H{\"a}ckel AND
Franz Korf AND Thomas C. Schmidt},
title = {{Integration realer Angriffe in simulierte Echtzeit-
Ethernet-Netzwerke}},
booktitle = {Echtzeit 2020},
month = jan,
year = 2021,
pages = {51--60},
publisher = {Springer Vieweg},
address = {Wiesbaden},
isbn = {978-3-658-32818-4},
doi = {10.1007/978-3-658-32818-4_6},
abstract = {Ethernet wird zunehmend Bestandteil moderner Fahrzeugnetze
und bildet die aussichtsreichste Technologie f{\"u}r
k{\"u}nftige Hochgeschwindigkeits-Backbones im Auto.
"Connected Vehicles" {\"o}ffnen gleichzeitig ihre internen
Fahrzeugnetzwerke nach au{\ss}en und erm{\"o}glichen so
eine Vielzahl neuer Angriffe, f{\"u}r die neue
Sicherheitskonzepte entwickelt werden m{\"u}ssen.
Sicherheitskonzepte und -mechanismen vor ihrer
Einf{\"u}hrung in einer Simulationsumgebungen zu testen,
ist flexibel, schnell und kosteng{\"u}nstig. In dieser
Arbeit stellen wir ein Konzept vor, mit dem realer
Angriffsverkehr aufgezeichnet und in eine
Simulationsumgebung eingespielt werden kann. Dieses
evaluieren wir am Beispiel eines DoS-Angriffs und
k{\"o}nnen zeigen, dass die erwarteten Auswirkungen des
abgespielten Angriffs in der Simulation wiedergegeben werden.},
booksubtitle = {Kommunikationssicherheit im Internet der Dinge (IoT)},
series = {Informatik aktuell},
langid = {ngerman}
}

Ethernet wird zunehmend Bestandteil moderner Fahrzeugnetze und bildet die aussichtsreichste Technologie für künftige Hochgeschwindigkeits-Backbones im Auto. “Connected Vehicles” öffnen gleichzeitig ihre internen Fahrzeugnetzwerke nach außen und ermöglichen so eine Vielzahl neuer Angriffe, für die neue Sicherheitskonzepte entwickelt werden müssen. Sicherheitskonzepte und -mechanismen vor ihrer Einführung in einer Simulationsumgebungen zu testen, ist flexibel, schnell und kostengünstig. In dieser Arbeit stellen wir ein Konzept vor, mit dem realer Angriffsverkehr aufgezeichnet und in eine Simulationsumgebung eingespielt werden kann. Dieses evaluieren wir am Beispiel eines DoS-Angriffs und können zeigen, dass die erwarteten Auswirkungen des abgespielten Angriffs in der Simulation wiedergegeben werden.

2020

P. Meyer, T. Häckel, F. Langer, L. Stahlbock, J. Decker, S. A. Eckhardt, F. Korf, T. C. Schmidt, and F. Schüppel, “Demo: A Security Infrastructure for Vehicular Information Using SDN, Intrusion Detection, and a Defense Center in the Cloud,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
[Bibtex] [Abstract]

@InProceedings{mhlsd-dsivi-20,
author = {Philipp Meyer and Timo H{\"a}ckel and Falk Langer and Lukas Stahlbock and Jochen Decker and Sebastian A. Eckhardt and Franz Korf and Thomas C. Schmidt and Fabian Sch{\"u}ppel},
booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
title = {{Demo: A Security Infrastructure for Vehicular Information Using {SDN,} Intrusion Detection, and a Defense Center in the Cloud}},
year = {2020},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
location = {Online},
month = dec,
abstract = {Vehicular on-board communication is the basis for advanced driver
assistance, autonomous driving, over-the-air updates, and many more. If
unprotected, this infrastructure is vulnerable to manipulation and various
attacks. As any networked system, future connected cars require robust
protection, monitoring, and incidence management against cyber-attacks
during their lifetime. We demonstrate an infrastructure that secures the
in-vehicle communication system and enables the security management of an
entire vehicle fleet. Our prototype - a real-world production car - uses an
Ethernet backbone network. It implements protective measures using
software-defined networking, anomaly detection technologies, and is
connected to a cyber defense center in the cloud. We demonstrate how this
combination can reliably detect and mitigate common attacks on the vehicle
- including its legacy components.},
doi={10.1109/VNC51378.2020.9318351},
}

Vehicular on-board communication is the basis for advanced driver assistance, autonomous driving, over-the-air updates, and many more. If unprotected, this infrastructure is vulnerable to manipulation and various attacks. As any networked system, future connected cars require robust protection, monitoring, and incidence management against cyber-attacks during their lifetime. We demonstrate an infrastructure that secures the in-vehicle communication system and enables the security management of an entire vehicle fleet. Our prototype – a real-world production car – uses an Ethernet backbone network. It implements protective measures using software-defined networking, anomaly detection technologies, and is connected to a cyber defense center in the cloud. We demonstrate how this combination can reliably detect and mitigate common attacks on the vehicle – including its legacy components.

T. Häckel, A. Schmidt, P. Meyer, F. Korf, and T. C. Schmidt, “Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
[Bibtex] [Abstract] [Slides]

@InProceedings{hsmks-sicfs-20,
author = {Timo H{\"a}ckel and Anja Schmidt and Philipp Meyer and Franz Korf and Thomas C. Schmidt},
booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
title = {{Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security}},
year = {2020},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
location = {Online},
month = dec,
abstract = {Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs)
via domain busses. A gateway forwards messages between these domains.
Automotive Ethernet emerges as a flat, high-speed backbone technology for
IVNs that carries the various control flows within Ethernet frames.
Recently, Software-Defined Networking (SDN) has been identified as a useful
building block of the vehicular domain, as it allows the differentiation of
packets based on all header fields and thus can isolate unrelated control
flows.
In this work, we systematically explore the different strategies for
integrating automotive control flows in switched Ether-networks and analyze
their security impact for a software-defined IVN. We discuss how control
flow identifiers can be embedded on different layers resulting in a range
of solutions from fully exposed embedding to deep encapsulation. We
evaluate these strategies in a realistic IVN based on the communication
matrix of a production grade vehicle, which we map into a modern Ethernet
topology. We find that visibility of automotive control flows within packet
headers is essential for the network infrastructure to enable isolation and
access control. With an exposed embedding, the SDN backbone can establish
and survey trust zones within the IVN and largely reduce the attack surface
of connected cars. An exposed embedding strategy also minimizes
communication expenses.},
doi={10.1109/VNC51378.2020.9318372},
}

Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.

R. Rotermund, T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Requirements Analysis and Performance Evaluation of SDN Controllers for Automotive Use Cases,” in 2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020), Piscataway, NJ, USA, 2020.
[Bibtex] [Abstract] [Slides]

@InProceedings{rhmks-rapesc-20,
author = {Randolf Rotermund and Timo H{\"a}ckel and Philipp Meyer and Franz Korf and Thomas C. Schmidt},
booktitle = {2020 IEEE Vehicular Networking Conference (VNC) (IEEE VNC 2020)},
title = {{Requirements Analysis and Performance Evaluation of {SDN} Controllers for Automotive Use Cases}},
year = {2020},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
location = {Online},
month = dec,
abstract = {Future vehicles will be more connected than ever leading to increased dynamics in vehicle on-board networks.
Software-Defined Networking (SDN) is a promising technology to meet the emerging needs for flexibility and security in future automotive use cases.
Although SDN controllers have been evaluated in data center networks, to the best of our knowledge there is a lack of an analysis and performance evaluation of SDN controllers for automotive use cases.
In this work we provide a detailed requirements analysis for the use of SDN controllers in cars.
Based on this requirements analysis we choose existing controller implementations for a performance analysis.
Finally, we analyze automotive specific use cases for SDN controllers with controller application examples and show how these can fulfill additional requirements.
Our evaluation provides a helpful basis for the design and development of SDN controllers that can be used in vehicles.},
doi={10.1109/VNC51378.2020.9318378},
}

Future vehicles will be more connected than ever leading to increased dynamics in vehicle on-board networks. Software-Defined Networking (SDN) is a promising technology to meet the emerging needs for flexibility and security in future automotive use cases. Although SDN controllers have been evaluated in data center networks, to the best of our knowledge there is a lack of an analysis and performance evaluation of SDN controllers for automotive use cases. In this work we provide a detailed requirements analysis for the use of SDN controllers in cars. Based on this requirements analysis we choose existing controller implementations for a performance analysis. Finally, we analyze automotive specific use cases for SDN controllers with controller application examples and show how these can fulfill additional requirements. Our evaluation provides a helpful basis for the design and development of SDN controllers that can be used in vehicles.

F. Langer, F. Schüppel, and L. Stahlbock, “Incident Response for Vehicular Systems – More than online Updates,” in 18th escar Europe : The World’s Leading Automotive Cyber Security Conference, , 2020.
[Bibtex] [Abstract] [Slides] [External Link]

@incollection{LangerSchueppelStahlbock2020,
author = {Falk Langer and Fabian Sch{\"u}ppel and Lukas Stahlbock},
title = {{Incident Response for Vehicular Systems – More than online Updates}},
booktitle = {18th escar Europe : The World's Leading Automotive Cyber Security Conference},
year = {2020},
url = {https://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/searchtype/collection/id/16901/docId/7553/start/0/rows/10},
abstract = {Cybersecurity incidence response is an important building block for the safe operation of vehicles over their lifetime. The systems in need of protection within the vehicle are vulnerable to attacks over the internet. The strict safety requirements, complexity and large number of vehicle variants on the other hand lead to the issue, that in the case of a discovered vulnerability, developing an update fixing said vulnerability will take a long time – most likely making damage by attacks a certainty.
Within this paper, we show mechanisms to speed up the incidence response. For this reason two new levels of responses are proposed, which allow a reaction within minutes without impairing the requirement of safe and reliable operation.},
}

Cybersecurity incidence response is an important building block for the safe operation of vehicles over their lifetime. The systems in need of protection within the vehicle are vulnerable to attacks over the internet. The strict safety requirements, complexity and large number of vehicle variants on the other hand lead to the issue, that in the case of a discovered vulnerability, developing an update fixing said vulnerability will take a long time – most likely making damage by attacks a certainty. Within this paper, we show mechanisms to speed up the incidence response. For this reason two new levels of responses are proposed, which allow a reaction within minutes without impairing the requirement of safe and reliable operation.

P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “Network Anomaly Detection in Cars based on Time-Sensitive Ingress Control,” in 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall), Piscataway, NJ, USA, 2020, p. 1–5.
[Bibtex] [Abstract] [Slides]

@InProceedings{ mhks-nadci-20,
author = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
Thomas C. Schmidt},
title = {{Network Anomaly Detection in Cars based on Time-Sensitive
Ingress Control}},
booktitle = {2020 IEEE 92nd Vehicular Technology Conference
(VTC2020-Fall)},
location = {Online},
month = nov,
year = 2020,
pages = {1--5},
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
doi = {10.1109/VTC2020-Fall49728.2020.9348746},
abstract = {Connected cars need robust protection against network
attacks. Network anomaly detection and prevention on board
will be particularly fast and reliable when situated on the
lowest possible layer. Blocking traffic on a low layer,
however, causes severe harm if triggered erroneously by
falsely positive alarms. In this paper, we introduce and
evaluate a concept for detecting anomalous traffic using
the ingress control of Time-Sensitive Networking (TSN). We
build on the idea that already defined TSN traffic
descriptors for in-car network configurations are rigorous,
and hence any observed violation should not be a false
positive. Also, we use Software-Defined Networking (SDN)
technologies to collect and evaluate ingress anomaly
reports, to identify the generating flows, and to ban them
from the network. We evaluate our concept by simulating a
real-world zonal network topology of a future car. Our
findings confirm that abnormally behaving individual flows
can indeed be reliably segregated with zero false
positives.},
langid = {english}
}

Connected cars need robust protection against network attacks. Network anomaly detection and prevention on board will be particularly fast and reliable when situated on the lowest possible layer. Blocking traffic on a low layer, however, causes severe harm if triggered erroneously by falsely positive alarms. In this paper, we introduce and evaluate a concept for detecting anomalous traffic using the ingress control of Time-Sensitive Networking (TSN). We build on the idea that already defined TSN traffic descriptors for in-car network configurations are rigorous, and hence any observed violation should not be a false positive. Also, we use Software-Defined Networking (SDN) technologies to collect and evaluate ingress anomaly reports, to identify the generating flows, and to ban them from the network. We evaluate our concept by simulating a real-world zonal network topology of a future car. Our findings confirm that abnormally behaving individual flows can indeed be reliably segregated with zero false positives.

2019

T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet,” in Proceedings of the 6th International OMNeT++ Community Summit 2019, 2019, p. 24–31.
[Bibtex] [Abstract] [External Link]

@InProceedings{ hmks-smsdn-19,
author = {Timo H{\"a}ckel and Philipp Meyer and Franz Korf and
Thomas C. Schmidt},
editor = {Meyo Zongo and Antonio Virdis and Vladimir Vesely and
Zeynep Vatandas and Asanga Udugama and Koojana Kuladinithi
and Michael Kirsche and Anna F{\"o}rster},
title = {{SDN4CoRE: A Simulation Model for Software-Defined
Networking for Communication over Real-Time Ethernet}},
booktitle = {Proceedings of the 6th International OMNeT++ Community
Summit 2019},
month = dec,
year = 2019,
pages = {24--31},
volume = {66},
publisher = {EasyChair},
url = {https://easychair.org/publications/paper/1TnZ},
issn = {2398-7340},
doi = {10.29007/w71t},
eprinttype = {arxiv},
eprint = {1908.09649},
abstract = {Ethernet has become the next standard for automotive and
industrial automation networks. Standard extensions such as
IEEE 802.1Q Time-Sensitive Networking (TSN) have been
proven to meet the real-time and robustness requirements of
these environments. Augmenting the TSN switching by
Software- Defined Networking functions promises additional
benefits: A programming option for TSN devices can add much
value to the resilience, security, and adaptivity of the
environment. Network simulation allows to model highly
complex networks before assembly and is an essential
process for the design and validation of future networks.
Still, a simulation environment that supports programmable
real-time networks is missing. This paper fills the gap by
sharing our simulation model for Software-Defined
Networking for Communication over Real-Time Ethernet
(SDN4CoRE) and present initial results in modeling
programmable real-time networks. In a case study, we show
that SDN4CoRE can simulate complex programmable real-time
networks and allows for testing and verifying the
programming of real-time devices.},
series = {EPiC Series in Computing},
bibsource = {EasyChair, https://easychair.org},
langid = {english}
}

Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software- Defined Networking functions promises additional benefits: A programming option for TSN devices can add much value to the resilience, security, and adaptivity of the environment. Network simulation allows to model highly complex networks before assembly and is an essential process for the design and validation of future networks. Still, a simulation environment that supports programmable real-time networks is missing. This paper fills the gap by sharing our simulation model for Software-Defined Networking for Communication over Real-Time Ethernet (SDN4CoRE) and present initial results in modeling programmable real-time networks. In a case study, we show that SDN4CoRE can simulate complex programmable real-time networks and allows for testing and verifying the programming of real-time devices.

M. Cakir, T. Häckel, S. Reider, P. Meyer, F. Korf, and T. C. Schmidt, “A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks,” in 2019 IEEE Vehicular Networking Conference (VNC), Piscataway, NJ, USA, 2019.
[Bibtex] [Abstract] [Slides] [External Link]

@InProceedings{chrmk-qosso-19,
author = {Mehmet Cakir AND Timo H{\"a}ckel AND Sandra Reider AND Philipp Meyer AND Franz Korf AND Thomas C. Schmidt},
booktitle = {2019 IEEE Vehicular Networking Conference (VNC)},
title = {{A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks}},
year = {2019},
address = {Piscataway, NJ, USA},
month = dec,
publisher = {IEEE Press},
abstract = {Service-Oriented Architecture (SOA) is about to enter
automotive networks based on the SOME/IP middleware and an
Ethernet high-bandwidth communication layer. It promises to
meet the growing demands on connectivity and flexibility
for software components in modern cars. Largely
heterogeneous service requirements and time-sensitive
network functions make Quality-of-Service (QoS) agreements
a vital building block within future automobiles. Existing
middleware solutions, however, do not allow for a dynamic
selection of QoS. This paper presents a service-oriented
middleware for QoS aware communication in future cars. We
contribute a protocol for dynamic QoS negotiation along
with a multi-protocol stack, which supports the different
communication classes as derived from a thorough
requirements analysis. We validate the feasibility of our
approach in a case study and evaluate its performance in a
simulation model of a realistic in-car network. Our
findings indicate that QoS aware communication can indeed
meet the requirements, while the impact of the service
negotiations and setup times of the network remain
acceptable provided the cross-traffic during negotiations
stays below 70\% of the available bandwidth.},
doi = {10.1109/VNC48660.2019.9062794},
eprint = {1911.01805},
eprinttype = {arxiv},
langid = {english},
location = {Los Angeles, California, USA},
url = {https://ieeexplore.ieee.org/document/9062794},
}

Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions make Quality-of-Service (QoS) agreements a vital building block within future automobiles. Existing middleware solutions, however, do not allow for a dynamic selection of QoS. This paper presents a service-oriented middleware for QoS aware communication in future cars. We contribute a protocol for dynamic QoS negotiation along with a multi-protocol stack, which supports the different communication classes as derived from a thorough requirements analysis. We validate the feasibility of our approach in a case study and evaluate its performance in a simulation model of a realistic in-car network. Our findings indicate that QoS aware communication can indeed meet the requirements, while the impact of the service negotiations and setup times of the network remain acceptable provided the cross-traffic during negotiations stays below 70\% of the available bandwidth.

P. Meyer, F. Korf, T. Steinbach, and T. C. Schmidt, “Simulation of Mixed Critical In-vehicular Networks,” in Recent Advances in Network Simulation, Springer, 2019, p. 317–345.
[Bibtex] [Abstract] [External Link]

@incollection{mkss-smcin-19,
title={Simulation of Mixed Critical In-vehicular Networks},
author={Meyer, Philipp and Korf, Franz and Steinbach, Till and Schmidt, Thomas C},
booktitle={Recent Advances in Network Simulation},
pages={317--345},
year={2019},
publisher={Springer},
isbn = {978-3-030-12842-5},
doi = {10.1007/978-3-030-12842-5_10},
eprinttype = {arxiv},
eprint = {1808.03081},
url = {https://link.springer.com/chapter/10.1007/978-3-030-12842-5_10},
abstract = {Future automotive applications ranging from advanced driver assistance to autonomous driving will largely increase demands on in-vehicular networks. Data flows of high bandwidth or low latency requirements, but in particular many additional communication relations will introduce a new level of complexity to the in-car communication system. It is expected that future communication backbones which interconnect sensors and actuators with Electronic Control Units (ECUs) in cars will be built on Ethernet technologies. However, signaling from different application domains demands for network services of tailored attributes, including real-time transmission protocols as defined in the Time-Sensitive Networking (TSN) Ethernet extensions. These Quality of Service (QoS) constraints will increase network complexity even further. Event-based simulation is a key technology to master the challenges of an in-car network design. This chapter introduces the domain-specific aspects and simulation models for in-vehicular networks and presents an overview of the car-centric network design process. Starting from a domain-specific description language, we cover the corresponding simulation models with their workflows and apply our approach to a related case study for an in-car network of a premium car.}
}

Future automotive applications ranging from advanced driver assistance to autonomous driving will largely increase demands on in-vehicular networks. Data flows of high bandwidth or low latency requirements, but in particular many additional communication relations will introduce a new level of complexity to the in-car communication system. It is expected that future communication backbones which interconnect sensors and actuators with Electronic Control Units (ECUs) in cars will be built on Ethernet technologies. However, signaling from different application domains demands for network services of tailored attributes, including real-time transmission protocols as defined in the Time-Sensitive Networking (TSN) Ethernet extensions. These Quality of Service (QoS) constraints will increase network complexity even further. Event-based simulation is a key technology to master the challenges of an in-car network design. This chapter introduces the domain-specific aspects and simulation models for in-vehicular networks and presents an overview of the car-centric network design process. Starting from a domain-specific description language, we cover the corresponding simulation models with their workflows and apply our approach to a related case study for an in-car network of a premium car.

T. Häckel, P. Meyer, F. Korf, and T. C. Schmidt, “Software-Defined Networks Supporting Time-Sensitive In-Vehicular Communication,” in Proc. of the IEEE 89th Vehicular Technology Conference: VTC2019-Spring, Piscataway, NJ, USA, 2019.
[Bibtex] [Abstract] [Slides] [External Link]

@InProceedings{ hmks-snsti-19,
author = {Timo H{\"a}ckel and Philipp Meyer and Franz Korf and
Thomas C. Schmidt},
title = {{Software-Defined Networks Supporting Time-Sensitive
In-Vehicular Communication}},
booktitle = {Proc. of the IEEE 89th Vehicular Technology Conference:
VTC2019-Spring},
location = {Kuala Lumpur, Malaysia},
month = apr,
year = 2019,
publisher = {IEEE Press},
address = {Piscataway, NJ, USA},
issn = {1090-3038},
doi = {10.1109/VTCSpring.2019.8746473},
url = {https://ieeexplore.ieee.org/document/8746473},
eprinttype = {arxiv},
eprint = {1903.08039},
abstract = {Future in-vehicular networks will be based on Ethernet.
The IEEE Time-Sensitive Networking (TSN) is a promising
candidate to satisfy real-time requirements in future car
communication. Software-Defined Networking (SDN) extends
the Ethernet control plane with a programming option that
can add much value to the resilience, security, and
adaptivity of the automotive environment. In this work, we
derive a first concept for combining Software-Defined
Networking with Time-Sensitive Networking along with an
initial evaluation. Our measurements are performed via a
simulation that investigates whether an SDN architecture is
suitable for time-critical applications in the car. Our
findings indicate that the advanced control overhead of SDN
can be added without a delay penalty for the TSN traffic
when protocols are mapped properly.},
langid = {english}
}

Future in-vehicular networks will be based on Ethernet. The IEEE Time-Sensitive Networking (TSN) is a promising candidate to satisfy real-time requirements in future car communication. Software-Defined Networking (SDN) extends the Ethernet control plane with a programming option that can add much value to the resilience, security, and adaptivity of the automotive environment. In this work, we derive a first concept for combining Software-Defined Networking with Time-Sensitive Networking along with an initial evaluation. Our measurements are performed via a simulation that investigates whether an SDN architecture is suitable for time-critical applications in the car. Our findings indicate that the advanced control overhead of SDN can be added without a delay penalty for the TSN traffic when protocols are mapped properly.

P. Meyer, T. Häckel, F. Korf, and T. C. Schmidt, “DoS Protection through Credit Based Metering – Simulation-Based Evaluation for Time-Sensitive Networking in Cars,” in Proceedings of the 6th International OMNeT++ Community Summit 2019, 2019, p. 52–59.
[Bibtex] [Abstract] [External Link]

@InProceedings{ mhks-dpcbm-19,
author = {Philipp Meyer and Timo H{\"a}ckel and Franz Korf and
Thomas C. Schmidt},
editor = {Meyo Zongo and Antonio Virdis and Vladimir Vesely and
Zeynep Vatandas and Asanga Udugama and Koojana Kuladinithi
and Michael Kirsche and Anna F{\"o}rster},
title = {DoS Protection through Credit Based Metering -
Simulation-Based Evaluation for Time-Sensitive Networking
in Cars},
booktitle = {Proceedings of the 6th International OMNeT++ Community
Summit 2019},
month = dec,
year = 2019,
pages = {52--59},
volume = {66},
publisher = {EasyChair},
url = {https://easychair.org/publications/paper/BtKC},
issn = {2398-7340},
doi = {10.29007/pxrk},
eprinttype = {arxiv},
eprint = {1908.09646},
abstract = {Ethernet is the most promising solution to reduce
complexity and enhance the bandwidth in the next generation
in-car networks. Dedicated Ethernet protocols enable the
real-time aspects in such networks. One promising candidate
is the IEEE 802.1Q Time-Sensitive Networking protocol
suite. Common Ethernet technologies, however, increases the
vulnerability of the car infrastructure as they widen the
attack surface for many components. In this paper proposes
an IEEE 802.1Qci based algorithm that on the one hand,
protects against DoS attacks by metering incoming Ethernet
frames. On the other hand, it adapts to the behavior of the
Credit Based Shaping algorithm, which was standardized for
Audio/Video Bridging, the predecessor of Time-Sensitive
Networking. A simulation of this proposed Credit Based
Metering algorithm evaluates the concept.},
series = {EPiC Series in Computing},
bibsource = {EasyChair, https://easychair.org},
langid = {english}
}

Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Shaping algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept.

F. Langer, F. Schüppel, and L. Stahlbock, “Establishing an Automotive Cyber Defense Center,” in 17th escar Europe : embedded security in cars, , 2019.
[Bibtex] [Abstract] [External Link]

@incollection{lss-eacdc-19,
author = {Falk Langer and Fabian Sch{\"u}ppel and Lukas Stahlbock},
title = {{Establishing an Automotive Cyber Defense Center}},
booktitle = {17th escar Europe : embedded security in cars},
doi = {10.13154/294-6652},
year = {2019},
url = {http://hss-opus.ub.ruhr-unibochum.de/opus4/frontdoor/index/index/docId/6652},
abstract = {As vehicles turn into human-transporting computers, more specific attention to the issue of long-term secure operation is needed. In order to prevent cyber-attacks on the fleet, monitoring the internal state of the individual vehicles’ IT-infrastructure is required.
In this paper we provide a suggestion on how vehicles could be managed over the course of their lifetime. Establishment of an Automotive Cyber Defense Center is a key factor of ensuring the secure operation of the vehicle fleet by an OEM. Within this paper we demonstrate why establishing such a center is necessary, what kind of security operations it needs to perform and what stakeholders are involved in ensuring secure operation of public road transport.
Since Cyber Defense Centers and the required technology are well-established in classical IT-infrastructure, we propose an architecture for the automotive domain which uses these technologies, highlighting the gaps in transitioning from operating a network to operation of a vehicle fleet.
The most important difference being the distributed, inhomogeneous and nomadic nature of a vehicle fleet. In order to overcome this gap we provide an exemplary implementation, which aims to make security relevant information available for usage within a Cyber Defense Center, using IoT-technology.},
langid = {english}
}

As vehicles turn into human-transporting computers, more specific attention to the issue of long-term secure operation is needed. In order to prevent cyber-attacks on the fleet, monitoring the internal state of the individual vehicles’ IT-infrastructure is required. In this paper we provide a suggestion on how vehicles could be managed over the course of their lifetime. Establishment of an Automotive Cyber Defense Center is a key factor of ensuring the secure operation of the vehicle fleet by an OEM. Within this paper we demonstrate why establishing such a center is necessary, what kind of security operations it needs to perform and what stakeholders are involved in ensuring secure operation of public road transport. Since Cyber Defense Centers and the required technology are well-established in classical IT-infrastructure, we propose an architecture for the automotive domain which uses these technologies, highlighting the gaps in transitioning from operating a network to operation of a vehicle fleet. The most important difference being the distributed, inhomogeneous and nomadic nature of a vehicle fleet. In order to overcome this gap we provide an exemplary implementation, which aims to make security relevant information available for usage within a Cyber Defense Center, using IoT-technology.

2018

T. Steinbach, Ethernet-basierte Fahrzeugnetzwerkarchitekturen für zukünftige Echtzeitsysteme im Automobil, Wiesbaden: Springer Vieweg, 2018.
[Bibtex] [Abstract]

@Book{ s-ebfze-18,
author = {Till Steinbach},
title = {{Ethernet-basierte Fahrzeugnetzwerkarchitekturen f{\"u}r
zuk{\"u}nftige Echtzeitsysteme im Automobil}},
month = oct,
year = 2018,
publisher = {Springer Vieweg},
address = {Wiesbaden},
isbn = {978-3-658-23499-7},
doi = {10.1007/978-3-658-23500-0},
abstract = {Das Fahrzeugkommunikationsnetzwerk von Automobilen
befindet sich derzeit in einem starken Wandel. Neue
Anwendungen aus den Bereichen der Fahrerassistenzsysteme
und des Infotainments sowie insbesondere das automatisierte
und autonome Fahren haben einen weit h{\"o}heren Bedarf an
leistungsf{\"a}higen Kommunikationsverbindungen, als die
bisher im Automobil eingesetzten Technologien garantieren
k{\"o}nnen. Dies gilt insbesondere f{\"u}r neue Sensorik
wie beispielsweise Kameras, Radar und Laser-Scanner, welche
die Umwelt mit einem hohen Detailgrad aufzeichnen und
daf{\"u}r h{\"o}here Bandbreiten als bisherige Systeme
{\"u}bertragen m{\"u}ssen. Echtzeit-Ethernet ist die
favorisierte L{\"o}sung f{\"u}r die Herausforderungen
zuk{\"u}nftiger Fahrzeugnetzwerke; es wurden jedoch, trotz
des Bekenntnisses gro{\ss}er Automobilhersteller zu
Automotive-Ethernet, bisher keine umfassenden und auf
realistischen Datenverkehrsmodellen basierenden
Architekturanalysen durchgef{\"u}hrt. Die vorliegende
Arbeit leistet einen Beitrag zum Design und zur Bewertung
neuer Ethernet-basierter Fahrzeugnetzwerkarchitekturen. Sie
liefert Werkzeuge f{\"u}r die simulationsbasierte Analyse
und Beurteilung von Netzwerkarchitekturen und evaluiert
anhand konkreter Anwendungen, beispielsweise aus dem
Bereich der Sensorfusion, und realistischer auf realen
Verkehrsdaten aufbauender Szenarien m{\"o}gliche
Netzwerkdesigns und Konfigurationen. Dabei wird auch der
schrittweiser {\"U}bergang von Legacy-Technologien hin zu
einem rein Echtzeit-Ethernet-basierten Fahrzeugnetzwerk
ber{\"u}cksichtigt. Ein schrittweise Migrationspfad ist
eine wichtige Anforderung f{\"u}r einen erfolgreichen
Einsatz im Automobil. Auf Basis der hierbei aus
analytischen Modellen sowie Simulationsstudien und einem
realen Fahrzeugprototyp gewonnenen Erkenntnisse werden
Designempfehlungen f{\"u}r die Entwicklung zuk{\"u}nftiger
Ethernet-basierter Fahrzeugnetzwerke ausgesprochen.
Methodisch kommt in der vorliegenden Arbeit insbesondere
die Netzwerksimulation zum Einsatz. F{\"u}r die Bewertung
neuer Fahrzeugnetzwerkarchitekturen werden Werkzeuge zur
Simulation und Analyse zuk{\"u}nftiger heterogener
Echtzeit-Ethernet-Backbones entwickelt. Damit stellt die
Arbeit eine leistungsf{\"a}hige
Open-Source-Simulationsumgebung f{\"u}r die Analyse
zuk{\"u}nftiger Fahrzeugnetzwerke bereit, welche in
Forschung und Entwicklung frei verwendet und
weiterentwickelt werden kann. Mithilfe eines
Prototypfahrzeugs werden die in der Simulation sowie in
analytischen Modellen untersuchten Aspekte in einer realen
Fahrzeugumgebung {\"u}berpr{\"u}ft. Die Untersuchung im
Prototyp weist die Realisierbarkeit der entwickelten
Ans{\"a}tze nach und zeigt auf, an welcher Stelle
Herausforderungen und Handlungsbedarfe bei der
Implementierung der entwickelten Konzepte bestehen. Die
Ergebnisse der Untersuchung f{\"u}hren zu
Designempfehlungen und Best Practices f{\"u}r
zuk{\"u}nftige Backbone-Netzwerke im Automobil. Diese
umfassen unter anderem das Kommunikationsdesign, den
Einsatz von Echtzeitverkehrsklassen, die Optimierung von
Hintergrunddatenverkehr und die Entwicklung geeigneter
Netzwerktopologien. Es wird gezeigt, dass sich die im
Backbone-Netzwerk erreichbaren Kennzahlen unter Einhaltung
der Designempfehlungen um ein Vielfaches verbessern lassen.},
langid = {ngerman}
}

Das Fahrzeugkommunikationsnetzwerk von Automobilen befindet sich derzeit in einem starken Wandel. Neue Anwendungen aus den Bereichen der Fahrerassistenzsysteme und des Infotainments sowie insbesondere das automatisierte und autonome Fahren haben einen weit höheren Bedarf an leistungsfähigen Kommunikationsverbindungen, als die bisher im Automobil eingesetzten Technologien garantieren können. Dies gilt insbesondere für neue Sensorik wie beispielsweise Kameras, Radar und Laser-Scanner, welche die Umwelt mit einem hohen Detailgrad aufzeichnen und dafür höhere Bandbreiten als bisherige Systeme übertragen müssen. Echtzeit-Ethernet ist die favorisierte Lösung für die Herausforderungen zukünftiger Fahrzeugnetzwerke; es wurden jedoch, trotz des Bekenntnisses großer Automobilhersteller zu Automotive-Ethernet, bisher keine umfassenden und auf realistischen Datenverkehrsmodellen basierenden Architekturanalysen durchgeführt. Die vorliegende Arbeit leistet einen Beitrag zum Design und zur Bewertung neuer Ethernet-basierter Fahrzeugnetzwerkarchitekturen. Sie liefert Werkzeuge für die simulationsbasierte Analyse und Beurteilung von Netzwerkarchitekturen und evaluiert anhand konkreter Anwendungen, beispielsweise aus dem Bereich der Sensorfusion, und realistischer auf realen Verkehrsdaten aufbauender Szenarien mögliche Netzwerkdesigns und Konfigurationen. Dabei wird auch der schrittweiser Übergang von Legacy-Technologien hin zu einem rein Echtzeit-Ethernet-basierten Fahrzeugnetzwerk berücksichtigt. Ein schrittweise Migrationspfad ist eine wichtige Anforderung für einen erfolgreichen Einsatz im Automobil. Auf Basis der hierbei aus analytischen Modellen sowie Simulationsstudien und einem realen Fahrzeugprototyp gewonnenen Erkenntnisse werden Designempfehlungen für die Entwicklung zukünftiger Ethernet-basierter Fahrzeugnetzwerke ausgesprochen. Methodisch kommt in der vorliegenden Arbeit insbesondere die Netzwerksimulation zum Einsatz. Für die Bewertung neuer Fahrzeugnetzwerkarchitekturen werden Werkzeuge zur Simulation und Analyse zukünftiger heterogener Echtzeit-Ethernet-Backbones entwickelt. Damit stellt die Arbeit eine leistungsfähige Open-Source-Simulationsumgebung für die Analyse zukünftiger Fahrzeugnetzwerke bereit, welche in Forschung und Entwicklung frei verwendet und weiterentwickelt werden kann. Mithilfe eines Prototypfahrzeugs werden die in der Simulation sowie in analytischen Modellen untersuchten Aspekte in einer realen Fahrzeugumgebung überprüft. Die Untersuchung im Prototyp weist die Realisierbarkeit der entwickelten Ansätze nach und zeigt auf, an welcher Stelle Herausforderungen und Handlungsbedarfe bei der Implementierung der entwickelten Konzepte bestehen. Die Ergebnisse der Untersuchung führen zu Designempfehlungen und Best Practices für zukünftige Backbone-Netzwerke im Automobil. Diese umfassen unter anderem das Kommunikationsdesign, den Einsatz von Echtzeitverkehrsklassen, die Optimierung von Hintergrunddatenverkehr und die Entwicklung geeigneter Netzwerktopologien. Es wird gezeigt, dass sich die im Backbone-Netzwerk erreichbaren Kennzahlen unter Einhaltung der Designempfehlungen um ein Vielfaches verbessern lassen.