17th escar Europe

The World‘s Leading
Automotive Cyber Security Conference

November 19 and 20, 2019
Stuttgart, Germany
Get your ticket now
Early Bird Tickets are available now !

Benefit from a productive exchange of insights on Automotive Cyber Security

Modern cars have become complex digital devices. Therefore, Automotive Cyber Security is one of the most important issues. The escar conference provides a forum for collaboration among private industry, academia and government, regarding modern in-vehicle Cyber Security threats and vulnerabilities as well as risk mitigation and countermeasures. International and high-quality speakers give recent insights and encourage discussions.

Be a part of the World’s Leading Automotive Cyber Security Conference

It’s the 17th escar in Europe! Since it started in 2003, the escar conference established itself as a world’s leading conference in the field of Automotive Cyber Security. Due to its continuous success, the conference is now organized internationally in Europe, USA and Asia. Last year’s European conference in Brussels, Belgium reached the highest number of attendees since it started. Be a part of the 17th escar Europe, meet interesting people and listen to insightful talks.

Connect with people globally working on the same and adjoining issues

Each year, the attendees and exhibitors enjoy insightful and cheerful conference days and benefit from interesting talks and good networking. The escar conference offers an opportunity for information exchange, networking and is a platform to define research needs. The productive exchange of knowledge, insights and ideas is the start for many constructive collaborations and valuable connections between private industry, academia and government.

Get your ticket now

Top Speaker

Sebastian Faust

Professor at the Computer Science Department of the Technical University of Darmstadt

Jonathan Petit

Principal Engineer at Qualcomm Technologies, Inc., where he leads research in systems security

Timo Winkelvos

Automotive Cybersecurity Engineer working for Volkswagen AG

Conference Program

Tuesday, November 19, 2019

08:30 - 09:00
Registration Workshop Participants
09:00 - 12:00
Workshops, Tutorial, Social Event
Further Information
12:00 - 13:40
Lunch

Official beginn of 17th escar Europe conference

13:30 - 13:45
Chairman’s welcome and opening address

Keynote

13:45 - 14:30
Trusted Electronics for Automotive Systems
Georg Sigl | Technical University of Munich
Session I | Security Management and Post-Quantum Crypto
14:30 - 15:00
Establishing  an Automotive Cyber Defense Center
Falk  Langer, Fabian Schueppel and Lukas Stahlbock
Speaker:
Falk Langer & Lukas Stahlbock
15:00 - 15:30
Post-Quantum Key Exchange Mechanism for Safety Critical Systems
Tim  Fritzmann, Johanna Sepulveda and Jonas Vith
Speaker:
Tim Fritzmann
15:30 - 16:15
Coffee  break

Invited Talk

16:15 - 16:45
Blockchain  Technology: Hope, Hype, High-Tech
Sebastian Faust | Technical University of Darmstadt
Session  II | Intrusion and Misbehavior Detection
16:45 - 17:15
Application-aware  Intrusion Detection: A Systematic Literature Review and Implications for Automotive Systems
David  Schubert, Hendrik Eikerling and Jörg Holtmann
Speaker:
David Schubert
Intrusion  Detection and Prevention System for FlexRay against spoofed frame injection
Takeshi  Kishikawa, Ryo Hirano, Yoshihiro Ujiie, Tomoyuki Haga, Hideki Matsushima,  Kazuya Fujimura and Jun Anzai
Speaker:
Takeshi Kishikawa
Deterministic  Sybil Attack Exclusion in Cooperative-Intelligent Transportation Systems
Jan  Trauernicht and Dr.-Ing. Norbert Bißmeyer
Speaker:
Jan Trauernicht
17:15 - 17:45
17:45 - 18:15
19:30 - 23:00

Dinner at Mövenpick Hotel Stuttgart Airport

Flughafenstraße 50, 70629 Stuttgart, Germany
Please note that attending dinner requires a pre-reservation.

Wednesday, November 20, 2019

Keynote

09:00 - 09:45
Automated  Driving Security
Jonathan Petit | Qualcomm
Session III | Safety and Security
09:45 - 10:15
10:15 - 10:45
10:45 - 11:30
Coffee  break
Safety  Goals in Vehicle Security Analyses – A Method to Assess Malicious Attacks  with Safety Impact
David Förster, Claudia Loderhose, Thomas Bruckschlögl and Franziska Wiemer
Speaker:
David Förster
The  Challenge of being Safe and Secure - Designing Process Interfaces between Safety and Security
Joachim  Graf, Juergen Klarmann, Claudia Loderhose and Franziska Wiemer
Speaker:
Claudia Loderhose

Invited Talk

11:30 - 12:00
Volkwagen Vehicle Key Management System – Key to cryptography in Cars: Challenges,  Requirements, Solution
Timo Winkelvos | Volkswagen
Session  IV | Securing Onboard Communication
12:00 - 12:30
12:30 - 13:00
13:00 - 14:30
Lunch  & Poster & Exhibition
Assessment  and Guidance for AUTOSAR Secure Onboard Communication Application
David Tromba and Julia Huber
Speaker:
David Tromba & Julia Huber
Introducing HSM-based secure on-board communication in vehicles - Challenges and Lessons Learned
Frederic  Stumpf, Christopher Pohl, Daniel Hoettges and Tobias Klein
Speaker:
Frederic  Stumpf

Invited Talk

14:30 - 15:00
Road Vehicles’ Life-Cycle - Mapping of Relevant Standards and Regulations for Automotive Cybersecurity
Mathias Dehm | Continental
Session  V | (In-)Secure Boot
15:00 - 15:30
15:30 - 16:00
16:00 - 16:15
Outlook and closing remarks by the chairman
Secure  Boot Revisited: Challenges for Secure Implementations in the Automotive  Domain
Liron  Kaneti, Steffen Sanwald, Marc Stöttinger and Martin Böhner
Speaker:
Marc Stöttinger & Nizzan Kruvi
Insecure Boot
Andrea Barisani
Speaker:
Andrea Barisani

Tickets

Each Ticket includes:

  • Get-together with one welcome drink and a small snack

  • Social Program: Airport Tour

  • Conference Dinner

Student

(age 27 limit)
€ 369.00*
Register now

Regular

€ 949.00*
Register now

Speaker

(for Speakers only)
€ 689.00*
Register now
*plus 19% VAT

Social Program

Enjoy an exclusive airport tour at the Stuttgart Airport!

Taking place November 19th, 10:00am – 12:00am.
The social program is held parallel to our workshops and is not overlapping with the presentations.
Every year, we invite the conference attendees to a special social program in the local area. This year, we invite all curious and flight enthusiast to an airport tour at the Stuttgart Airport. During the tour through the airport, you can see how the aircraft on the apron are being prepared for take-off. Take a look at the large luggage distributor and, with a stopover on the apron, have a close look at the aircraft handling.

Meeting Point: 09:30 am in the Lobby of the congresscenter

The tour is limited to 60 participants! Please make sure to add the social program to your cart in the registration progress if you want to attend the tour.
Also included in the conference fee:

Additional Workshops and Tutorials

Taking place November 19th, 09:00am - 12:00am

Our workshops and our tutorials are held parallel to our social program and are not overlapping with the presentations.
Workshop 1

Practical In-Vehicle Communications Hacking

Henrik Ferdinand Nölscher, Javier Vazquez
Read more
Workshop 2

Hands on Cryptography
- A Practical Tutorial to Encryption, Digital Signatures, and Certificates

Prof. Dr.-Ing. Jan Pelzl
Read more
Tutorial 1

E/E Security in Cars

Ramona Jung
Read more
Tutorial 2

Implementing Cybersecurity Management Systems

Jan-Felix van Dam & Moritz Minzlaff
Read more
Please note:
In order to guarantee a good workshop atmosphere and for you to be able to gain new insights or deepen your knowledge successfully, the number of participants is limited to 35 in each workshop.

The workshop / tutorial fee is € 299,00 (plus VAT 19%). Simply add the workshop of your choice in the registration process.

The Venue

We are looking forward to welcoming you in Stuttgart, Germany! The 17th escar conference will take place at the International Congresscenter Stuttgart (Messe Stuttgart):
Landesmesse Stuttgart GmbH
ICS International Congresscenter Stuttgart
Messepiazza 1
70629 Stuttgart
Germany
Link to Route Planner at Google Maps

Accommodation

A block of rooms with a reduced price has been reserved at Mövenpick Hotel Stuttgart Airport.

Reservations must be made by Friday, November 01, 2019 and can be made by calling (+49 711 553440) the hotel directly or by Mail. Please use the keyword “escar Europe 2019".

Mövenpick Hotel Stuttgart Airport
Flughafenstrasse 50
70629 Stuttgart
Germany

We strongly encourage you to make your hotel reservations early. There are a limited number of rooms available at the discounted rate.

Alternative Hotel nearby: “Wyndham Stuttgart Airport Messe”

Access routes

By plane

The Stuttgart Airport is nearby. In fact, you can walk from the airport to the congresscenter (10-minute walk). If you stay at the Mövenpick Hotel – it’s directly connected to the airport and the congresscenter.

By car

Stuttgart is an environmental zone, where only vehicles displaying a green sticker are permitted. The congresscenter is outside the city precincts, so you do not need an environmental sticker when you visit the conference. A parking lot is directly connected to the congresscenter.

By train

There are direct ICE connections to and from many national and international destinations. Travel to Stuttgart Main Station and then to “Flughafen/Messe” (Airport / Congresscenter). Deutsche Bahn offers an Event Ticket at a single nationwide price, available at every DB station.

Get your conference ticket now

The initiators behind the escar conference

Event Organizer

isits AG (International School of IT Security) is a leading provider of further training and conferences in the field of IT Security. Moreover, the company has established itself throughout Europe as a vocational education and training institute. isits AG initiated escar conference in 2003.

Event Partner
ESCRYPT GmbH is the leading system provider for embedded security worldwide. The company has extensive expertise in embedded security and is familiar with the major industries. ESCRYPT has been the event partner of escar conference since its beginning.

Contact

Any questions or requests? Our escar conference team Europe is pleased to assist you:

Conference Manager

Henning Frohn

E-Mail: frohn@is-its.org
Phone: +49 234 92 7898-19

Managing Director

Birgitte Baardseth

E-Mail: baardseth@is-its.org
Phone: +49 234 92 7898-18

Get your ticket now

Sponsors

Get your ticket now

Workshop 1: Practical In-Vehicle Communications Hacking (Henrik Ferdinand Nölscher, Javier Vazquez)

Most of the focus in current in-vehicle communication security is either demonstrating in-security by performing comparatively entry-level attacks on the communication buses like simple replays or on adding encryption to communications to mitigate these kinds of attacks. This leaves many aspects that are related to security behind a curtain where they still exist, but they are usually overlooked.

Examples of such aspects include the vast functionality that diagnostic services provide, but also bugs that can exist in the implementation of CAN-based protocols. In our workshop, we will talk about some of these aspects, what impact they have, and how to use a specialized automotive security tool, the CANBadger, to discover and exploit some of them.

In particular, the following topics will be addressed:

  • CAN layers 1-3
  • Errors in CAN and how to exploit them
  • Penetration testing on Diagnostics implementation(UDS and ISO-TP)
  • Introduction to the CANBadger V2

After completing this workshop, the attendees will be aware of many factors that are important to vehicle security not only from the application layer, but as well as in the protocols, implementation, topology and routing of the networks that exist inside vehicles. The workshop will offer both theory and practical challenges based on real-world vehicle systems on a communications level.

In order to make the most of this workshop, a computer (mac or pc) is required. Each participant will receive a CanBadger V2. Optionally, the attendees might want to bring their own PC-CAN interface (P-CAN, ValueCAN...). Should you bring your own CAN interface, please make sure that you have all the nececssary software installed prior to the workshop. Due to restricted time, no support for the installation of tools and libraries can be provided during the workshop.

Workshop 2: Hands on Cryptography - A Practical Tutorial to Encryption, Digital Signatures, and Certificates (Prof. Dr.-Ing. Jan Pelzl, University Hamm-Lippstadt)

Implementing industrial security requires both theoretical and practical knowledge about cryptographic algorithms and the corresponding applications. A huge variety of different security tools and libraries support us in our daily work. Security for some standard applications such as web services might easily be configured whereas, e.g., securing embedded applications can be quite challenging.

Within this workshop we will cover both the theoretical side of cryptography as well as the practical part. The workshop features an introductory part covering cryptography and data security including most prominent standards and its implementation on conventional platforms as well as on embedded systems. In the practical part of the workshop, we will use security tools/ libraries which are widely used and available for free (e.g., OpenSSL and mbedTLS). In industry, such tools and libraries are widely used for, e.g., creating reference implementations. OpenSSL is a very comfortable tool and library which implements a vast variety of cryptographic algorithms and protocols and can be used, e.g., to generate certificates and CA structures. The mbedTLS library offers efficient cryptographic primitives and can be used to implement, e.g., a TLS layer with low footprint. Participants are encouraged to bring their own notebooks. In the practical part of the workshop, time and guidance will be provided for implementing basic examples.

Workshop outline:


Prerequisites:
All participants are encouraged to bring their own devices to follow the practical part. Kindly note that no notebooks/ laptops will be provided. Due to restricted time, no support for the installation of tools and libraries can be provided during the workshop. For the examples, we will use simple command line options and/ or text editors. No IDE is required. However, participants are free to use their own IDE.

For those who want to implement the examples during the workshop:

  • Working copy of OpenSSL (any OS), see https://www.openssl.org for more information on how to download and install OpenSSL
  • Working copy of mbedTLS (any OS), see https://tls.mbed.org for more information on how to download and install mbedTLS on your particular platform. For using mbedTLS in the workshop, a standard C library and a compiler is required.

Tutorial: E/E Security in Cars (Ramona Jung, ESCRYPT GmbH)

Securing the E/E architecture of modern vehicles has become a hot topic in the automotive industry. Cutting-edge technology advances not only introduced new business models as, e.g., over-the-air updates and vehicle-specific software activation, but also increased the driving comfort (e.g., by smooth integration of customer end devices and head-up displays), and even enabled vehicles partially overtake human intervention during the driving process.

The new use-cases result in enhanced security requirements on ECUs and E/E architectures. A holistic automotive security concept for E/E architectures considers not only secure communication between external (e.g., backend) or internal (e.g., sensors) components, but as well challenges caused by, e.g., the introduction of automotive Ethernet and new E/E architecture designs. More concretely, automotive security encloses methods used to prevent the malicious deviation of the implemented functionality of the system by guaranteeing the confidentiality, integrity and/or authenticity of relevant assets of the E/E architecture (as e.g. the software). In this workshop, we will give an overview about the state of the art in this area and how security is currently integrated in E/E architectures. A special focus will be devoted to ESCRYPT’s model of multi-layer approach. The multi-layer approach defines security to be implemented at different levels: from single components over secure internal communication and isolation of safety relevant functionality up to secure communication channels to external entities. Concrete measures enabling to protect E/E architecture will be addressed, such as secure boot, secure flash and secure on-board communication. Finally, we will approach upcoming topics, such as Ethernet security, virtualization and service oriented communication.

No special knowledge of automotive security is required for this tutorial. Some experience with basic cryptographic tools is however recommended.

Implementing Cybersecurity Management Systems
(Jan-Felix van Dam & Moritz Minzlaff)

The UNECE WP.29 cybersecurity draft regulation and the upcoming ISO/SAE 21434 require OEMs and the supply chain to implement a cybersecurity management system (CSMS), i.e. a risk-based approach to maintain an active and adequate security posture throughout the entire product life-cycle. This tutorial is for everyone who is involved in implementing all or parts of a CSMS, e.g. senior managers, product security governance, quality managers, product managers, security engineers, and others.

In the first part of the tutorial, we discuss the latest status and timelines of relevant regulatory and standardization activities. We also look at the trends that drive many of the security requirements such as increasing connectivity and higher levels of automated driving. Understanding both the requirements and their motivations provides a solid foundation for implementing a CSMS.

In the next and main part of the tutorial, we cover the main process activities and artefacts of a CSMS. A crucial feature is the risk-centered approach in all phases. In fact, developing secure products requires the engineering processes to consider security both before and after SOP. Consequently, this tutorial will cover:

  • Risk assessment
  • Concept phase
  • Development phase
  • Post-development incl. incident handling

The final part of the tutorial focuses on a successful rollout of a CSMS across the organization. From gap analyses to trainings, we examine tools and their individual benefits so that you can start implementing your CSMS.

Registration escar Europe 2019