460-4134/01 – Methods of Computer Security of Automotive Systems (MPBAS)

Gurantor department	Department of Computer Science	Credits	5
Subject guarantor	Ing. Svatopluk Štolfa, Ph.D.	Subject version guarantor	Ing. Svatopluk Štolfa, Ph.D.
Study level	undergraduate or graduate	Requirement	Compulsory
Year	2	Semester	winter
		Study language	Czech
Year of introduction	2019/2020	Year of cancellation	2023/2024
Intended for the faculties	FEI	Intended for study types	Follow-up Master

Instruction secured by
Login	Name	Tuitor	Teacher giving lectures
PLU042	Ing. Jan Plucar, Ph.D.
STO231	Ing. Jakub Štolfa, Ph.D.
STO03	Ing. Svatopluk Štolfa, Ph.D.

Extent of instruction for forms of study
Form of study	Way of compl.	Extent
Full-time	Credit and Examination	2+2

Subject aims expressed by acquired skills and competences

The course is divided into several learning blocks: theoretical introduction, where basic terms from the cyber security will be explained, comparison of the systems that are used in automotive domain and possibility threads that can be used to attack these systems. Course graduate shall be able to understand the cybersecurity possible issues and shall be able to develop "cyber secure" automotive systems and perform possible penetration tests on them.

Teaching methods

Lectures
Tutorials

Summary

The course concern is to the development of cybersecure automotive components, penetration testing, securing car to car communication, following standards from the automotive domain. Students will learn historical classic attacks, modern approaches and algorithms that can be easily use for the attack of automotive components. Course is also oriented to the methods of securing of automotive components, protection of data and anonymization of data.

Compulsory literature:

Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guide- book for Cyber-Physical Automotive Systems. Dietmar P.F. Möller, Roland E. Haas: Guide to Automotive Connectivity and Cybersecurity: Trends, Technologies, Innovations and Applications, Springer; 1st ed. 2018 edition (November 11, 2018), ISBN-10: 331973511X ISBN-13: 978-3319735115 Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester, 1st Edition, No Starch Press; 1 edition (March 1, 2016), ISBN-10: 9781593277031 ISBN-13: 978-1593277031

Recommended literature:

Craig Gibbs: Automotive Cybersecurity: Issues and Vulnerabilities (Transportation Issues, Policies and R&d), Nova Science Pub Inc; UK ed. edition (October 20, 2016), ISBN-10: 1634859871, ISBN-13: 978-1634859875 Shamik, Ghosh: Automotive Cybersecurity - From perceived threat to stark reality, About publishing group, July 2016 Allisa Knight: Hacking Connected Cars: Tactics, Techniques, and Procedures, 1st Edition, Wiley; 1 edition (January 30, 2019), ISBN-10: 1119491800, ISBN-13: 978-1119491804

Way of continuous check of knowledge in the course of semester

Rated examples in tutorials and written and oral examination.

E-learning

Other requirements

Rated examples in practices and written and oral examination.

Prerequisities

Subject has no prerequisities.

Co-requisities

Subject has no co-requisities.

Subject syllabus:

Lectures: 1. Introduction to the cybersecurity: explanation of the basic terms, examples of the historical attacks, vectors of attacks. 2. Penetration testing and testing paradigm: What, how and when to test. Testing techniques and frameworks 3. Internet web services: securing application interface and management of access to the web services 4. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS) 5. Network services and home networks: surveillance systems, network security, logging of network activities. 6. Connecting of mobile devices and comunication between cars: communication protocols, attacks like "Man in the middle". 7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data, basic principles of GDPR and their application in automotive domain. 8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM 9. The cybersecurity lifecycle - Management of cybersecurity 10. The cybersecurity lifecycle - Threat modelling 11. The cybersecurity lifecycle - Threat analysis and risk assessment 12. The cybersecurity lifecycle - Specification of security requirements and countermeasures 13. The cybersecurity lifecycle - Validation of cyber security 14. Summary and conclusion. Practices: 1. Preparation of working environment: image of the operation system that will be used for the simulation of the attacks. 2. Introduction to the penetration testing I: overview of tools, basic examples of attacks. 3. Introduction to the penetration testing II: example of complex attack. 4. Internet web services: securing application interface and management of access to the web services 5. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS): practical experiment on CAN bus 6. Network services and home networks: surveillance systems, network security, logging of network activities. Analysis of logs and looking for the non-standard behavior. 7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data. 8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM - definition of the development project cybersecurity lifecycle. 9. The cybersecurity lifecycle - Management of cybersecurity - planning and management of cybersecurity. 10. The cybersecurity lifecycle - Threat modelling 11. The cybersecurity lifecycle - Threat analysis and risk assessment 12. The cybersecurity lifecycle - Specification of security requirements and countermeasures 13. The cybersecurity lifecycle - Validation of cyber security 14. Summary and conclusion.

Conditions for subject completion

Full-time form (validity from: 2019/2020 Winter semester, validity until: 2023/2024 Summer semester)

Task name	Type of task	Max. number of points (act. for subtasks)	Min. number of points	Max. počet pokusů
Credit and Examination	Credit and Examination	100 (100)	51
Credit	Credit	45	20
Examination	Examination	55	30	3

Valid from	Valid until	Mandatory attendence participation
Apr 3, 2019 4:07:18 PM	Oct 12, 2022 2:56:58 PM	Rated examples in tutorials and written and oral examination.

Mandatory attendence participation: Rated excercises in tutorials and written and oral examination.

Show history

Conditions for subject completion and attendance at the exercises within ISP: participation >= 80%

Show history

Occurrence in study plans

Academic year	Programme	Zaměření	Form	Study language	Tut. centre	Year	Type of duty
2023/2024	(N0716A060001) Automotive Electronic Systems	SPA	P	Czech	Ostrava	2	Compulsory	study plan
2022/2023	(N0716A060001) Automotive Electronic Systems	SPA	P	Czech	Ostrava	2	Compulsory	study plan
2021/2022	(N0716A060001) Automotive Electronic Systems	SPA	P	Czech	Ostrava	2	Compulsory	study plan
2020/2021	(N0716A060001) Automotive Electronic Systems	SPA	P	Czech	Ostrava	2	Compulsory	study plan

Occurrence in special blocks

Block name	Academic year	Form of study	Study language	Year	W	S	Type of block	Block owner

Assessment of instruction

2021/2022 Winter