Send email Copy Email Address

automotive security & privacy



Cars are no longer defined by their mechanical construction but are heavily dependent on software that controls their behaviour. Even though automotive software is tested more thoroughly than consumer software, it still contains bugs. Reasons for that range from the use of third-party libraries to the fact that automotive software is usually written in low-level languages. Furthermore, a car reveals a lot of personal information about its occupants, from their daily routine to their tastes in music.



Security of In-Vehicle Communication. In recent years, several attacks have impressively demonstrated that the software running on embedded controllers in cars can be successfully exploited – often even remotely. The fact that components that were purely mechanical in the past have been computerized, such as connections to the brakes, throttle, and steering wheel, makes digital exploits life-threatening. Because of the interconnectedness of sensors, controllers and actuators, any compromised controller can impersonate any other controller by mimicking its control messages, thus effectively stripping the driver of their control. We are developing several security mechanisms that protect the computers of cars, so-called Electronic Control Units (ECUs), against vulnerabilities, detect intrusions. We also develop security-by-design architectures for automotive interconnectedness.

Privacy of Vehicle Data. We have developed methods for assessing the privacy of modern cars. Our methods support reverse engineering of intra-car and extra-car communication to discover and correlate sensor values and resulting privacy issues. In experimental analyses, we have shown that manufacturers collect a lot of personal information such as the weight of passengers, who is driving, the whereabouts of the car, and even usage statistics of doors, lights, AC and music taste. We also develop technical protection mechanisms that prevent inadvertent loss of data and put the occupants back in control of their data.

Torture-Testing for Autonomous Driving Testing. Car makers are conducting extensive testing of their autonomous vehicles on proofing grounds and in virtual pre-defined scenarios. Because proofing grounds do not offer a deterministic test field and are time-consuming, virtual hardware- and software-in-the-loop testing is used instead, as it provides the necessary reproducibility. We develop a systematic testing framework for autonomous driving algorithms. Our framework uses procedural scene generation to adapt to how a car handles a situation while driving. Our machine-generated scenes pronounce misbehaviour by tailoring new scenes based on monitored driving behaviour.