• Keine Ergebnisse gefunden

Security for Vehicular Information

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2022

Aktie "Security for Vehicular Information"

Copied!
1
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 1 Seite )

Volltext

(1)

i

i “poster” — 2019/2/12 — 9:41 — page 1 — #1

i i

i i

i i

Security for Vehicular Information

Sponsored by the

Introduction

SecVI designs and analyses network secu- rity architectures that are flexible, robust, and of reduced complexity to protect the entire communication system of a vehicle. Work includes the verification of online updates as well as continuous monitoring of flows be- tween ECUs and network components. Flow monitoring is a good technique to prevent cyber-attacks on the vehicle in a robust way while keeping most existing components of the vehicle unchanged.

Software-Defined Networking

The control plane of network devices is sep- arated from the data plane.

An SDN-Controller is introduced to pro- gram the network devices.

The flow based forwarding devices of the data plane are connected to the SDN con- troller via the OpenFlow protocol.

This allows for a central management of all flows with comprehensive control func- tionality, management applications and security functions.

Security Cluster

The Security Cluster monitors the security state of the in-vehicular network.

It hosts the SDN-Controller and is connected to the forwarding devices in a separate con- trol network.

Has knowledge about all implemented flows and is able to add, modify and delete flows.

Collects the reported anomalies of NADS’s and flow table misses of forwarding devices.

The Security Cluster initiates adequate coun- termeasures if possible.

Defence mechanisms range from adding or removing flows to disconnecting certain nodes at the forwarding devices.

Network Anomaly Detection System

An NADS is connected to each switch.

NADS analyses network metrics such as the utilised bandwidth and average frame size per flow.

Machine learning with the K-means clus- tering algorithm is used to learn the flow behaviour.

Outliers of the learned clusters are recog- nised as anomalies and reported to the Se- curity Cluster.

Attack Scenarios

Simple Message Attack

Messages do not match any existing flows.

First switch on the path reports a flow ta- ble miss to the Security Cluster.

Flow Hijack Attack

Messages match an existing flow and are forwarded along the programmed path.

The NADS detects misbehaviour and re- ports it to the Security Cluster.

In both scenarios the Security Cluster can execute countermeasures.

Website: https://secvi.inet.haw-hamburg.de

Referenzen

Jetzt herunterladen ( PDF - 1 Seite - 1.05 MB )

ÄHNLICHE DOKUMENTE

The Challenges of Complying with the Kyoto Protocol

A wide range of estimates from 0 to 3 per cent of GDP have been presented for the cost of meeting the reduction target by the Analysis and Modeling Group in its "Assessment of

PROTOCOL RELATING TO THE ESTABLISHMENT OF THE PEACE AND SECURITY COUNCIL OF THE AFRICAN UNION

At the request of the Peace and Security Council or the Chairperson of the Commission, or at its own initiative, the Panel of the Wise shall undertake such action deemed appropriate

Preparing Government for the Data and Information Needs of the 21

The second theme under this topic centered on the challenges to information being viewed as a strategic asset, particularly the fact that there is difficulty in sharing

The significance of coherent flow structures for the turbulent mixing in wall-bounded flows

Under this assumption, it can be shown by analysing all possible tracer patterns for a single flow field realization that the particle images must be exactly identical in size,

The K-Y Protocol: The First Protocol for the Regulation of Crypto Currencies (E.g.-Bitcoin)

Since various countries have currencies of their own with differing Exchange rates, we have defined a NationCoin Unit asOne NationCoin Unit=One NationCoin X Exchange rate of

Data and information management for the CMTT synthesis

In 2001, the CMTT Global Synthesis group invited the World Data Centre for Marine Environmental Sciences (WDC-MARE) to take care for information and data management during and

The JGOFS data management is the responsibility of each national participant, without a centralized clearinghouse for the data

Among the recent data management projects are the final global data synthesis for the Joint Global Ocean Flux Study (JGOFS) and the International Marine Global

The Importance of Information Security Management in Crisis Prevention in the Company

Areas related to organizational aspects are: security policy, organization of information security, asset management, human resources security, operational procedures