460-4134/02 – Methods of Computer Security of Automotive Systems (MPBAS)
| Gurantor department | Department of Computer Science | Credits | 5 |
| Subject guarantor | Ing. Svatopluk Štolfa, Ph.D. | Subject version guarantor | Ing. Svatopluk Štolfa, Ph.D. |
| Study level | undergraduate or graduate | Requirement | Compulsory |
| Year | 2 | Semester | winter |
| | Study language | English |
| Year of introduction | 2019/2020 | Year of cancellation | 2023/2024 |
| Intended for the faculties | FEI | Intended for study types | Follow-up Master |
Subject aims expressed by acquired skills and competences
The course is divided into several learning blocks: theoretical introduction, where basic terms from the cyber security will be explained, comparison of the systems that are used in automotive domain and possibility threads that can be used to attack these systems. Course graduate shall be able to understand the cybersecurity possible issues and shall be able to develop "cyber secure" automotive systems and perform possible penetration tests on them.
Teaching methods
Lectures
Tutorials
Summary
The course concern is to the development of cybersecure automotive components, penetration testing, securing car to car communication, following standards from the automotive domain. Students will learn historical classic attacks, modern approaches and algorithms that can be easily use for the attack of automotive components. Course is also oriented to the methods of securing of automotive components, protection of data and anonymization of data.
Compulsory literature:
Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guide-
book for Cyber-Physical Automotive Systems.
Dietmar P.F. Möller, Roland E. Haas: Guide to Automotive Connectivity and Cybersecurity: Trends, Technologies, Innovations and Applications, Springer; 1st ed. 2018 edition (November 11, 2018), ISBN-10: 331973511X
ISBN-13: 978-3319735115
Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester, 1st Edition, No Starch Press; 1 edition (March 1, 2016), ISBN-10: 9781593277031
ISBN-13: 978-1593277031
Recommended literature:
Craig Gibbs: Automotive Cybersecurity: Issues and Vulnerabilities (Transportation Issues, Policies and R&d), Nova Science Pub Inc; UK ed. edition (October 20, 2016), ISBN-10: 1634859871, ISBN-13: 978-1634859875
Shamik, Ghosh: Automotive Cybersecurity - From perceived threat to stark reality, About publishing group, July 2016
Allisa Knight: Hacking Connected Cars: Tactics, Techniques, and Procedures, 1st Edition, Wiley; 1 edition (January 30, 2019), ISBN-10: 1119491800, ISBN-13: 978-1119491804
Additional study materials
Way of continuous check of knowledge in the course of semester
Rated examples in tutorials and written and oral examination.
E-learning
Other requirements
Rated examples in practices and written and oral examination.
Prerequisities
Subject has no prerequisities.
Co-requisities
Subject has no co-requisities.
Subject syllabus:
Lectures:
1. Introduction to the cybersecurity: explanation of the basic terms, examples of the historical attacks, vectors of attacks.
2. Penetration testing and testing paradigm: What, how and when to test. Testing techniques and frameworks
3. Internet web services: securing application interface and management of access to the web services
4. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS)
5. Network services and home networks: surveillance systems, network security, logging of network activities.
6. Connecting of mobile devices and comunication between cars: communication protocols, attacks like "Man in the middle".
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data, basic principles of GDPR and their application in automotive domain.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM
9. The cybersecurity lifecycle - Management of cybersecurity
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion.
Practices:
1. Preparation of working environment: image of the operation system that will be used for the simulation of the attacks.
2. Introduction to the penetration testing I: overview of tools, basic examples of attacks.
3. Introduction to the penetration testing II: example of complex attack.
4. Internet web services: securing application interface and management of access to the web services
5. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS): practical experiment on CAN bus
6. Network services and home networks: surveillance systems, network security, logging of network activities. Analysis of logs and looking for the non-standard behavior.
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM - definition of the development project cybersecurity lifecycle.
9. The cybersecurity lifecycle - Management of cybersecurity - planning and management of cybersecurity.
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion.
Conditions for subject completion
Occurrence in study plans
Occurrence in special blocks
Assessment of instruction