Modern cars have become complex digital devices. Therefore, Automotive Cyber Security is one of the most important issues. The escar conference provides a forum for collaboration among private industry, academia and government, regarding modern in-vehicle Cyber Security threats and vulnerabilities as well as risk mitigation and countermeasures. International and high-quality speakers give recent insights and encourage discussions.
It’s the 17th escar in Europe! Since it started in 2003, the escar conference established itself as a world’s leading conference in the field of Automotive Cyber Security. Due to its continuous success, the conference is now organized internationally in Europe, USA and Asia. Last year’s European conference in Brussels, Belgium reached the highest number of attendees since it started. Be a part of the 17th escar Europe, meet interesting people and listen to insightful talks.
Each year, the attendees and exhibitors enjoy insightful and cheerful conference days and benefit from interesting talks and good networking. The escar conference offers an opportunity for information exchange, networking and is a platform to define research needs. The productive exchange of knowledge, insights and ideas is the start for many constructive collaborations and valuable connections between private industry, academia and government.
A block of rooms with a reduced price has been reserved at Mövenpick Hotel Stuttgart Airport.
Reservations must be made by Friday, November 01, 2019 and can be made by calling (+49 711 553440) the hotel directly or by Mail. Please use the keyword “escar Europe 2019".
Mövenpick Hotel Stuttgart Airport
We strongly encourage you to make your hotel reservations early. There are a limited number of rooms available at the discounted rate.
Alternative Hotel nearby: “Wyndham Stuttgart Airport Messe”
The Stuttgart Airport is nearby. In fact, you can walk from the airport to the congresscenter (10-minute walk). If you stay at the Mövenpick Hotel – it’s directly connected to the airport and the congresscenter.
Stuttgart is an environmental zone, where only vehicles displaying a green sticker are permitted. The congresscenter is outside the city precincts, so you do not need an environmental sticker when you visit the conference. A parking lot is directly connected to the congresscenter.
There are direct ICE connections to and from many national and international destinations. Travel to Stuttgart Main Station and then to “Flughafen/Messe” (Airport / Congresscenter). Deutsche Bahn offers an Event Ticket at a single nationwide price, available at every DB station.
isits AG (International School of IT Security) is a leading provider of further training and conferences in the field of IT Security. Moreover, the company has established itself throughout Europe as a vocational education and training institute. isits AG initiated escar conference in 2003.
ESCRYPT GmbH is the leading system provider for embedded security worldwide. The company has extensive expertise in embedded security and is familiar with the major industries. ESCRYPT has been the event partner of escar conference since its beginning.
Phone: +49 234 92 7898-19
Phone: +49 234 92 7898-18
Most of the focus in current in-vehicle communication security is either demonstrating in-security by performing comparatively entry-level attacks on the communication buses like simple replays or on adding encryption to communications to mitigate these kinds of attacks. This leaves many aspects that are related to security behind a curtain where they still exist, but they are usually overlooked.
Examples of such aspects include the vast functionality that diagnostic services provide, but also bugs that can exist in the implementation of CAN-based protocols. In our workshop, we will talk about some of these aspects, what impact they have, and how to use a specialized automotive security tool, the CANBadger, to discover and exploit some of them.
In particular, the following topics will be addressed:
After completing this workshop, the attendees will be aware of many factors that are important to vehicle security not only from the application layer, but as well as in the protocols, implementation, topology and routing of the networks that exist inside vehicles. The workshop will offer both theory and practical challenges based on real-world vehicle systems on a communications level.
In order to make the most of this workshop, a computer (mac or pc) is required. Each participant will receive a CanBadger V2. Optionally, the attendees might want to bring their own PC-CAN interface (P-CAN, ValueCAN...). Should you bring your own CAN interface, please make sure that you have all the nececssary software installed prior to the workshop. Due to restricted time, no support for the installation of tools and libraries can be provided during the workshop.
Implementing industrial security requires both theoretical and practical knowledge about cryptographic algorithms and the corresponding applications. A huge variety of different security tools and libraries support us in our daily work. Security for some standard applications such as web services might easily be configured whereas, e.g., securing embedded applications can be quite challenging.
Within this workshop we will cover both the theoretical side of cryptography as well as the practical part. The workshop features an introductory part covering cryptography and data security including most prominent standards and its implementation on conventional platforms as well as on embedded systems. In the practical part of the workshop, we will use security tools/ libraries which are widely used and available for free (e.g., OpenSSL and mbedTLS). In industry, such tools and libraries are widely used for, e.g., creating reference implementations. OpenSSL is a very comfortable tool and library which implements a vast variety of cryptographic algorithms and protocols and can be used, e.g., to generate certificates and CA structures. The mbedTLS library offers efficient cryptographic primitives and can be used to implement, e.g., a TLS layer with low footprint. Participants are encouraged to bring their own notebooks. In the practical part of the workshop, time and guidance will be provided for implementing basic examples.
All participants are encouraged to bring their own devices to follow the practical part. Kindly note that no notebooks/ laptops will be provided. Due to restricted time, no support for the installation of tools and libraries can be provided during the workshop. For the examples, we will use simple command line options and/ or text editors. No IDE is required. However, participants are free to use their own IDE.
For those who want to implement the examples during the workshop:
Securing the E/E architecture of modern vehicles has become a hot topic in the automotive industry. Cutting-edge technology advances not only introduced new business models as, e.g., over-the-air updates and vehicle-specific software activation, but also increased the driving comfort (e.g., by smooth integration of customer end devices and head-up displays), and even enabled vehicles partially overtake human intervention during the driving process.
The new use-cases result in enhanced security requirements on ECUs and E/E architectures. A holistic automotive security concept for E/E architectures considers not only secure communication between external (e.g., backend) or internal (e.g., sensors) components, but as well challenges caused by, e.g., the introduction of automotive Ethernet and new E/E architecture designs. More concretely, automotive security encloses methods used to prevent the malicious deviation of the implemented functionality of the system by guaranteeing the confidentiality, integrity and/or authenticity of relevant assets of the E/E architecture (as e.g. the software). In this workshop, we will give an overview about the state of the art in this area and how security is currently integrated in E/E architectures. A special focus will be devoted to ESCRYPT’s model of multi-layer approach. The multi-layer approach defines security to be implemented at different levels: from single components over secure internal communication and isolation of safety relevant functionality up to secure communication channels to external entities. Concrete measures enabling to protect E/E architecture will be addressed, such as secure boot, secure flash and secure on-board communication. Finally, we will approach upcoming topics, such as Ethernet security, virtualization and service oriented communication.
No special knowledge of automotive security is required for this tutorial. Some experience with basic cryptographic tools is however recommended.
The UNECE WP.29 cybersecurity draft regulation and the upcoming ISO/SAE 21434 require OEMs and the supply chain to implement a cybersecurity management system (CSMS), i.e. a risk-based approach to maintain an active and adequate security posture throughout the entire product life-cycle. This tutorial is for everyone who is involved in implementing all or parts of a CSMS, e.g. senior managers, product security governance, quality managers, product managers, security engineers, and others.
In the first part of the tutorial, we discuss the latest status and timelines of relevant regulatory and standardization activities. We also look at the trends that drive many of the security requirements such as increasing connectivity and higher levels of automated driving. Understanding both the requirements and their motivations provides a solid foundation for implementing a CSMS.
In the next and main part of the tutorial, we cover the main process activities and artefacts of a CSMS. A crucial feature is the risk-centered approach in all phases. In fact, developing secure products requires the engineering processes to consider security both before and after SOP. Consequently, this tutorial will cover:
The final part of the tutorial focuses on a successful rollout of a CSMS across the organization. From gap analyses to trainings, we examine tools and their individual benefits so that you can start implementing your CSMS.