
BMBF UNCOVER – Monitoring of safety incidents in vehicles


English Abstract

For the realization and introduction of autonomous vehicles, the safe interaction of functions, systems and services as well as their monitoring over the entire product life cycle is essential. An exclusive security-by-design approach is no longer sufficient and must be continuously supported by feedback obtained from in-the-wild operation. This is where the recently successfully completed joint project BMBF UNCOVER comes into play, which targets the requirements of the standards ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) and ISO 21448 (Road vehicles – Safety of the intended functionality (SOTIF)).

An integral part of the overall project was the development of a flexible in-car monitoring platform for detecting security- and safety-relevant events during the operation of autonomous vehicles. The project contribution of ERNW Research GmbH was, on the one hand, to advise on the collection of data and to incorporate the experiences from practical security investigations, and on the other hand, to ensure the security of the platform itself through providing advice on the design and by performing assessments (e.g., via code audits and established penetration testing techniques such as fuzzing).

In order to ensure the cryptographic security of the monitoring platform w.r.t. data storage, data exchange and the deployment process, the lightweight stream cipher DRACO was designed, continuously improved and implemented in an Authenticated Encryption (AE) variant for the monitoring platform itself and for its backend.

Further details about DRACO and the entire BMBF UNCOVER project can be found in the English-language documents listed at the end of this blog post under Publications.

Please also feel free to approach us next week at TROOPERS in Heidelberg!

The joint project BMBF UNCOVER

For the implementation and introduction of autonomous vehicles, the secure interaction of functions, systems and services as well as their monitoring over the entire product life cycle is essential. Although security-by-design measures are taken to cover as many risks as possible at design time, it is always to be expected that new vulnerabilities and security gaps will arise during the later operating period. Changes during operation are to be expected, especially with autonomous systems. These changes can affect both the system itself and its environment:

  • Self-learning systems based on AI components that develop independently through learning.
  • Changes in the environment (new communication options, new road users such as e-scooters, changed framework conditions, legislation, etc.).
  • Changes/updates to existing functions in the vehicle that create new communication paths.

These continuous changes pose potential risks in terms of cyber security, which can also lead to significant dangers for road users due to their impact on functional safety and in particular on the fulfillment of the target function (SOTIF). There is considerable potential for economic damage, which can arise, for example, from data misuse and data manipulation. In addition, due to the changes in the environment and the system, it is imperative to continuously ensure safety throughout the entire product life cycle of the vehicles and systems up to and including decommissioning. Exclusive support during development as part of a security-by-design approach is no longer sufficient and must be continuously supported by the feedback of experience from operations.

This is where the recently successfully completed joint project BMBF UNCOVER comes in, which is based, among other things, on the requirements of the standards ISO/SAE 21434 (Road vehicles – Cybersecurity engineering) and ISO 21448 (Road vehicles – Safety of the intended functionality (SOTIF)) and was carried out together with the following partners:

  • EnCo Software GmbH, Munich,
  • FZI Research Center for Information Technology, Karlsruhe,
  • Karlsruhe Institute of Technology (KIT), Karlsruhe,
  • RISA Security Analyses GmbH, Berlin.

Contribution of ERNW Research GmbH to BMBF UNCOVER

An essential component of the project was the development of a flexible monitoring platform for detecting safety-relevant events during the operation of autonomous vehicles. ERNW Research GmbH was tasked with advising and supporting the project partners involved on the basis of existing experience from practical safety investigations. Central points of this advisory and support activity by ERNW Research GmbH were

  • the development of use cases for the data-based analysis of security incidents in the context of autonomous driving (with a focus on IT security and corresponding attack scenarios),
  • the analysis of the data to be collected with regard to its suitability for detecting security incidents based on developed attack scenarios,
  • advice and support on the secure design of the monitoring platform and advice on the deployment process,
  • the security check of the monitoring platform (especially the demonstrator) using established analysis techniques such as fuzzing and source code audits.

In the course of cryptographically securing the monitoring platform with regard to data storage, data exchange and deployment process, the lightweight stream cipher DRACO was designed, continuously developed and implemented in an authenticated encryption variant for the monitoring platform itself and for its backend.

Lightweight Authenticated Encryption using DRACO

DRACO was developed by ERNW Research GmbH in close cooperation with the working group Theoretical Computer Science and IT Security at the University of Mannheim and with the participation of the University of Siegen.

The cipher allows a reduction in chip area of over 20 percent and a reduction in power consumption of over 30 percent compared to existing stream ciphers used for such scenarios, such as Grain-128a, while maintaining the same high level of security. In the context of UNCOVER, DRACO is therefore not only very well suited to securing the data exchange between the FPGA-based, resource-limited monitoring platform of the vehicle and the backend, but also opens up more extensive application possibilities. In concrete terms, a future expansion of data acquisition for monitoring by placing sensors at critical points on the vehicle is conceivable. While such sensors are traditionally highly resource-limited, a high level of security must still be guaranteed in view of the potentially sensitive data that they would transmit to the monitoring platform. DRACO offers the appropriate options for this. Since not only confidentiality but also authenticity and integrity of the data exchanged between the monitoring platform and the backend must be guaranteed, DRACO was expanded to include corresponding functionalities in 2023 and integrated into the monitoring platform on the FPGA.

It is also important to mention that the data recorded by the monitoring platform for transmission to the backend is protected not only during data transmission, but rather directly when it is initially stored locally in the vehicle using Authenticated Encryption (AE). This prevents unauthorized reading or manipulation of this sensitive data, even in the case of an attacker with physical access to the vehicle, as long as the symmetric key used remains secret (e.g. by using a hardware security module).
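To make the property described above concrete, here is an added example (not code from the UNCOVER project and not DRACO itself): each locally stored monitoring record is sealed with authenticated encryption under a symmetric key, so that a later reader either recovers the exact record or gets an authentication failure when the ciphertext, the associated metadata or the key does not match. Because DRACO is not available in the Python standard library, the keystream is produced by HMAC-SHA256 in counter mode as a stand-in stream cipher; the encrypt-then-MAC layout, the length-prefixed MAC input and the constant-time tag comparison are the parts that carry over to any stream-cipher-based AE scheme. All keys, nonces and record contents below are constructed sample values.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag appended to every stored record


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one master key."""
    enc_key = hmac.new(key, b"uncover-enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"uncover-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (assumption: HMAC-SHA256 in counter mode, NOT DRACO).

    The nonce must be unique per record under a given key: reusing a nonce with any
    stream cipher leaks the XOR of the two plaintexts.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        out += block
        counter += 1
    return bytes(out[:length])


def _mac_input(nonce: bytes, associated_data: bytes, ciphertext: bytes) -> bytes:
    # Length prefixes keep (associated_data, ciphertext) pairs unambiguous.
    return struct.pack(">QQ", len(associated_data), len(ciphertext)) + nonce + associated_data + ciphertext


def seal_record(key: bytes, nonce: bytes, associated_data: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns ciphertext || tag for one monitoring record."""
    enc_key, mac_key = _subkeys(key)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, _mac_input(nonce, associated_data, ciphertext), hashlib.sha256).digest()[:TAG_LEN]
    return ciphertext + tag


def open_record(key: bytes, nonce: bytes, associated_data: bytes, sealed: bytes) -> bytes:
    """Verify the tag first; only an authentic record is ever decrypted."""
    if len(sealed) < TAG_LEN:
        raise ValueError("record too short")
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, _mac_input(nonce, associated_data, ciphertext), hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed: record was modified or wrong key")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def _rejected(key, nonce, ad, sealed) -> bool:
    try:
        open_record(key, nonce, ad, sealed)
        return False
    except ValueError:
        return True


def demo() -> dict:
    """Sample run over constructed data: round trip plus three tampering attempts."""
    key = hashlib.sha256(b"constructed sample key").digest()   # would come from an HSM
    record_no = 42
    nonce = record_no.to_bytes(12, "big")                        # per-record counter as nonce
    ad = b"record=42;source=can-monitor"                         # stored in clear, but authenticated
    event = b'{"event":"unexpected ECU reflash","ts":1718000000}'

    sealed = seal_record(key, nonce, ad, event)
    flipped = bytes([sealed[0] ^ 0x01]) + sealed[1:]             # flip one ciphertext bit
    wrong_key = hashlib.sha256(b"other key").digest()

    return {
        "roundtrip_ok": open_record(key, nonce, ad, sealed) == event,
        "ciphertext_tamper_rejected": _rejected(key, nonce, ad, flipped),
        "metadata_tamper_rejected": _rejected(key, nonce, b"record=43;source=can-monitor", sealed),
        "wrong_key_rejected": _rejected(wrong_key, nonce, ad, sealed),
    }


if __name__ == "__main__":
    print(demo())
```

The associated data (record number, source) stays readable for indexing but is bound into the tag, so an attacker with physical access to the storage cannot re-label, reorder or patch records without the key. The record number doubling as nonce is the simplest way to guarantee uniqueness, provided the counter is persisted and never rewound.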

Further details about DRACO can be found in a separate blog post and in the publications and presentations listed below under Publications.

If you are interested in DRACO or the entire BMBF UNCOVER project, please approach us next week at TROOPERS in Heidelberg!

Cheers,
Andreas, Matthias, Patrick

Publications

The following publications were created in the project context with the participation of employees of ERNW Research GmbH:

  • Matthias Hamann, Alexander Moch, Matthias Krause, Vasily Mikhalev. The DRACO Stream Cipher: A Power-efficient Small-state Stream Cipher with Full Provable Security against TMDTO Attacks. IACR Transactions on Symmetric Cryptology (ToSC), 2022(2): 1–42.
  • Matthias Hamann, Alexander Moch, Matthias Krause, Vasily Mikhalev. The DRACO Stream Cipher – FSE 2023 Presentation (with additional new proposals for an update of the original DRACO Key Schedule). FSE 2023. 2023-03-20, Kobe, Japan.
  • Matthias Stammler, Matthias Hamann, Jürgen Becker. Multilevel Security Model for Secure Information Flow Inside Software Components Employing Automated Code Generation. 2023 12th Mediterranean Conference on Embedded Computing (MECO). IEEE, 2023.
  • Matthias Stammler, Matthias Hamann, Tanja Harbaum, Jürgen Becker. Mitigating Masking in Automotive Communication Systems: Modeling and Hardware Generation. 2023 26th Euromicro Conference on Digital System Design (DSD). IEEE, 2023.
  • Matthias Stammler, Julian Lorenz, Eric Sax, Jürgen Becker, Matthias Hamann, Patrick Bidinger, Andreas Dewald, Paraskevi Georgouti, Alexios Camarinopoulos, Günter Becker, Klaus Finsterbusch, Maximilian Kirschner, Laurenz Adolph, Carl Philipp Hohl, Maria Rill, Daniel Vonderau, Victor Pazmino. UNCOVER: Data-Driven Design Support through Continuous Monitoring of Security Incidents. 2024 Design, Automation and Test in Europe Conference and Exhibition (DATE).
