First day ― October 3 (Wed) |
10:00 - 10:50 |
Japan's security policy Cyber security strategy and background
Cabinet Secretariat National center of Incident readiness and Strategy for Cybersecurity (NISC) Deputy Director-General Dr. Tomoo Yamauchi
* This session was presented by Ms. Yoshida Kyoko, Counsellor, Strategy and Policy Planning, National center of Incident readiness and Strategy for Cybersecurity (NISC), Cabinet Secretariat, due to circumstances of Mr. Yamauchi.
|
11:00 - 11:55 |
Overview and status of ISO-SAE 21434 - "Road vehicles: Cybersecurity Engineering"
This presentation will provide an update on the latest work taking place on ISO/SAE 21434 Road Vehicles: Cybersecurity Engineering by the joint SAE/ISO task force. It gives an overview of the latest development activities for release of the standard.
SAE International Member of Standardisation Board, Cybersecurity Assurance Testing Task Force Mr. Christopher Clark
|
11:55 - 13:30 |
Lunch
Luncheon Seminar (12:10 - 12:40)
* A lunch box is served to those who attend the sponsored lecture.
Security protection strategy of Intelligent connected vehicle communication based on IEEE1609.2 standard
OnBoard Security Inc Business Development Director Mr. Ryan Wu
|
13:30 - 14:00 |
Submitted lecture 1 Proposal of Anomaly Detection Method "Cumulative Sum Detection" for In-Vehicle Networks
This paper proposes cumulative sum detection, which can detect cyber-attacks on Controller Area Network (CAN). Well-known existing attack detection techniques for in-vehicle networks include cycle detection and delayed-decision cycle detection. These techniques cause false positives and false negatives when there are long delays or early arrivals involving usual periodic message reception.
The proposed technique can detect attacks with almost no false positives or false negatives, that is, highly accurately even when there are long delays or early arrivals. This paper evaluates the detection accuracy of existing techniques and the proposed technique using computer simulation with CAN data obtained from actual vehicles. By considering the evaluation result and the ease of parameter adjustment, we show that the cumulative sum detection is the best of these techniques.
FUJITSU Laboratories Cyber Security Project, Security Research Laboratory Senior Researcher Mr. Jun Yajima
|
14:00 - 14:30 |
Submitted lecture 2 A Study on the Applicability of the Lesamnta-LW Lightweight Hash Function to TPMS
The Tire Pressure Monitoring System (TPMS) is used to monitor the pressure of the tires and to inform the driver of it. This equipment is mandatory for vehicles in the US and EU. To ensure the security of TPMS, it is important to reduce the cost of the cryptographic mechanisms implemented in resource-constrained devices. To address this problem, previous work has proposed countermeasures employing lightweight block ciphers such as PRESENT, SPECK, or KATAN. However, it is not clear to us that any of these works have addressed the issues of software optimization that considers TPMS-packet protection as well as session key updates for architectures consisting of the vehicle TPMS ECU and four low-cost TPM sensors equipped with the tires. In this paper, we propose the application of the ISO/IEC 29192-5 lightweight hash function Lesamnta-LW to address this issue. Our approach is to apply the known method of converting Lesamnta-LW to multiple independent pseudo-random functions (PRFs) in TPMS. In our case, we generate five PRFs this way and then use one PRF for MAC generation and four for key derivation. Although we follow the NIST SP 800-108 framework of converting PRFs to key derivation functions, we confirm the significant advantage of Lesamnta-LW-based PRFs over HMAC-SHA-256 by evaluating the performance on AVR 8-bit micro-controllers, on which we consider simulating TPMS sensors. We expect that our method of achieving multiple purposes with a single cryptographic primitive will help to reduce the total implementation cost required for TPMS security.
National Institute of Advanced Industrial Science and Technology (AIST) AIST Postdoctoral Researcher Dr. Yuhei Watanabe
|
14:35 - 15:30 |
Passive Keyless Entry The Relay Attack & Emerging Solutions
Thatcham Research Chief Technical Officer Mr. Richard Billyeald
|
15:50 - 16:45 |
Analyzing the Security of Cars Efficiently
|
17:00 - 18:30 |
Networking party
|
the 2nd day ― October 4 (Thur) |
10:00 - 10:55 |
Service communication - a new communication paradigm creates new security challenges
As vehicle functions increase in complexity due to increased ADAS functionality and online updatability, OEMs are looking towards new technologies to adjust to the new requirements. One such technology is service communication which introduces an entirely new communication paradigm alongside the well-established signal communication. While for the latter many security mechanisms have been proposed and implemented in the field in recent years, this new form of communication introduces an additional set of security challenges to which the currently known techniques do not apply. We provide an overview of the mechanisms of service communication, what kind of new security requirements arise from it and what unique limitations are placed on the necessary additional security mechanisms due to their implementation inside a vehicle. We then provide a sketch of a solution which fulfills the security requirements while staying within the boundaries that the previously described limitations provide.
|
11:00 - 11:55 |
Vehicle E&E Architecture Specific Security Features Configuration Strategy
Cyber Security experts, TATA Motors Ltd, PV Engineering
Mr. Ashis Patra
|
11:55 - 13:00 |
Lunch
Luncheon Seminar (12:05 - 12:35)
* A lunch box is served to those who attend the sponsored lecture.
Security measures through product life cycle in connected cars
PwC Consulting Manager Mr. Ken Okuyama
|
13:00 - 13:30 |
Submitted lecture 3 Real-Time Electrical Data Forgery in In-vehicle Controller Area Network Bus
A Controller Area Network (CAN) is a bus standard for embedded devices that is widely used in in-vehicle networks. CANs are equipped with a bit monitoring mechanism that determines if intended data are transmitted. Therefore, attacks on CANs, such as rewriting data in real time, are difficult. However, attacks on analog signals carrying digital data (i.e., attacks that manipulate the potential difference on the CAN bus) are possible. We show the theory of Real-Time Electrical Data Forgery in the CAN bus, where the transmitted data can be manipulated by an attacker and the resultant data is received as the attacker intended while the sending side recognizes that the transmitted data arrives at the receiving side as it is. In addition, we demonstrate that this attack is possible on an in-vehicle CAN bus. Furthermore, we discuss replacement type electrical data falsification, which is a more advanced attack with high attack success probability, and highlight the need for improved security measures.
Yokohama National University Graduate School of Environment and Information Sciences
Mr. Kazuki Shirai
|
13:30 - 14:00 |
Submitted lecture 4 An Analysis of Open-Source Software Risks in the Automotive Industry
Open-source software is prevalent in various industries and is also increasing in the automotive industry, especially for infotainment systems. There are several benefits with open-source software that allows innovation while reducing costs for non-competitive technologies. However, with more than 100 million lines of code in a modern vehicle and a complex supply chain involving multiple software suppliers, it is imperative to understand what software is included and what risks exist in the software. We propose how two software composition analysis solutions can be used by OEMs and suppliers to understand the included open-source software components and the associated security and license risks. To give examples of how the software composition analysis works, we analyzed ten automotive software packages. All ten software packages contain open-source components with critical vulnerabilities. Finally, we discuss best practices for managing open-source risk across the automotive supply chain.
Nihon Synopsys Sr. Solution Architect, Software Group Dr. Dennis Kengo Oka
|
14:15 - 15:10 |
Block Chain Technology for EV charging station with Chubu Electric Power
|
15:15 - 16:10 |
Cyber Security, the dynamic change in front of us.
Today, the automotive industry faces many issues. Traffic accident fatalities, CO2 emissions, disruptive technologies, to just name a few. The change in front of us is dynamic and yet so drastic that we may have to change our way of thinking. What are the changes in front of us? And what kind of challenge does this change bring? From this bigger picture, let’s take out the aspect of vehicle connectivity and think about what could be the future of cyber security that the automotive world needs.
Continental Automotive Japan Head of Segment 3, Japanese OEMs Body & Security Interior Japan
Mr. Hideya Aoki
|
16:30 - 17:30 |
Panel Discussion "UN WP 29"
· Automotive security certification; Third party or self-certification or Government agency
· Target of FOTA; Whole ADAS or a part of function
· Required security level at level 2
· Inspection and maintenance
Panelists
Riscure Principal Security Analyst Mr. Niek Timmers
Volkswagen Vehicle security engineer Mr. Alexander Tschache
Cyber Security experts, TATA Motors Ltd, PV Engineering Mr. Ashis Patra
Continental Automotive Japan Head of Segment 3, Japanese OEMs Body & Security Interior Japan
Mr. Hideya Aoki
Moderator
BOSCH Section Manager Group3, AE-BE Application Engineering Dept. Automotive Electronics (AE) Div. Dr. Camille VUILLAUME
|