460-4134/02 – Methods of Computer Security of Automotive Systems (MPBAS)

Guarantor department: Department of Computer Science
Credits: 5
Subject guarantor: Ing. Svatopluk Štolfa, Ph.D.
Subject version guarantor: Ing. Svatopluk Štolfa, Ph.D.
Study level: undergraduate or graduate
Requirement: Compulsory
Year: 2
Semester: winter
Study language: English
Year of introduction: 2019/2020
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master
Instruction secured by
Login | Name | Tutor | Teacher giving lectures
PLU042 | Ing. Jan Plucar, Ph.D.
STO231 | Ing. Jakub Štolfa, Ph.D.
STO03 | Ing. Svatopluk Štolfa, Ph.D.
Extent of instruction for forms of study
Form of study | Way of compl. | Extent
Full-time | Credit and Examination | 2+2

Subject aims expressed by acquired skills and competences

The course is divided into several learning blocks: a theoretical introduction, where basic cybersecurity terms are explained; a comparison of the systems used in the automotive domain; and the possible threats that can be used to attack these systems. A graduate of the course shall understand possible cybersecurity issues and shall be able to develop "cyber secure" automotive systems and perform penetration tests on them.

Teaching methods

Lectures
Tutorials

Summary

The course is concerned with the development of cybersecure automotive components, penetration testing, securing car-to-car communication, and following standards from the automotive domain. Students will learn historical classic attacks, modern approaches and algorithms that can easily be used to attack automotive components. The course is also oriented to methods of securing automotive components, data protection and data anonymization.

Compulsory literature:

Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems.
Dietmar P.F. Möller, Roland E. Haas: Guide to Automotive Connectivity and Cybersecurity: Trends, Technologies, Innovations and Applications, Springer; 1st ed. 2018 edition (November 11, 2018), ISBN-10: 331973511X, ISBN-13: 978-3319735115
Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester, 1st Edition, No Starch Press; 1 edition (March 1, 2016), ISBN-10: 9781593277031, ISBN-13: 978-1593277031

Recommended literature:

Craig Gibbs: Automotive Cybersecurity: Issues and Vulnerabilities (Transportation Issues, Policies and R&d), Nova Science Pub Inc; UK ed. edition (October 20, 2016), ISBN-10: 1634859871, ISBN-13: 978-1634859875
Shamik, Ghosh: Automotive Cybersecurity - From perceived threat to stark reality, About publishing group, July 2016
Alissa Knight: Hacking Connected Cars: Tactics, Techniques, and Procedures, 1st Edition, Wiley; 1 edition (January 30, 2019), ISBN-10: 1119491800, ISBN-13: 978-1119491804

Way of continuous check of knowledge in the course of semester

Rated examples in tutorials and written and oral examination.

E-learning

Other requirements

Rated examples in practices and written and oral examination.

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Lectures:
1. Introduction to cybersecurity: explanation of the basic terms, examples of historical attacks, vectors of attacks.
2. Penetration testing and testing paradigm: what, how and when to test. Testing techniques and frameworks.
3. Internet web services: securing the application interface and management of access to the web services.
4. Networks of internet robots (botnets) and cyber attacks such as denial of service (DoS, DDoS).
5. Network services and home networks: surveillance systems, network security, logging of network activities.
6. Connecting of mobile devices and communication between cars: communication protocols, attacks such as "Man in the middle".
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data, basic principles of GDPR and their application in the automotive domain.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061™
9. The cybersecurity lifecycle - Management of cybersecurity
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion.

Practices:
1. Preparation of the working environment: image of the operating system that will be used for the simulation of the attacks.
2. Introduction to penetration testing I: overview of tools, basic examples of attacks.
3. Introduction to penetration testing II: example of a complex attack.
4. Internet web services: securing the application interface and management of access to the web services.
5. Networks of internet robots (botnets) and cyber attacks such as denial of service (DoS, DDoS): practical experiment on the CAN bus.
6. Network services and home networks: surveillance systems, network security, logging of network activities. Analysis of logs and looking for non-standard behavior.
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061™ - definition of the development project cybersecurity lifecycle.
9. The cybersecurity lifecycle - Management of cybersecurity - planning and management of cybersecurity.
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion.

Conditions for subject completion

Full-time form (validity from: 2019/2020 Winter semester)
Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points
Credit and Examination | Credit and Examination | 100 (100) | 51
        Credit | Credit | 45 | 20
        Examination | Examination | 55 | 30
Mandatory attendance participation: Rated examples in tutorials and written and oral examination.

Occurrence in study plans

Academic year | Programme | Field of study | Spec. | Focus | Form | Study language | Tut. centre | Year | W | S | Type of duty
2020/2021 (N0716A060002) Automotive Electronic Systems SPA P English Ostrava 2 Compulsory study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | W | S | Type of block | Block owner