Im Jahre 1977 wurde der „Data Encryption Algorithm“ (DEA) vom „National Bureau of Standards“ (NBS, später „National Institute of Standards and Technology“ – NIST) zum amerikanischen Verschlüsselungsstandard für Bundesbehörden erklärt [NBS_77]. 1981 folgte die Verabschiedung der DEA-Spezifikation als ANSI-Standard „DES“ [ANSI_81]. Die Empfehlung des DES als StandardVerschlüsselungsverfahren wurde auf fünf Jahre befristet und 1983, 1988 und 1993 um jeweils weitere fünf Jahre verlängert. Derzeit liegt eine Neufassung des NISTStandards vor [NIST_99], in dem der DES für weitere fünf Jahre übergangsweise zugelassen sein soll, aber die Verwendung von Triple-DES empfohlen wird: eine dreifache Anwendung des DES mit drei verschiedenen Schlüsseln (effektive Schlüssellänge: 168 bit) [NIST_99]. Der DES basiert auf einer von Horst Feistel bei IBM entwickelten Blockchiffre („Lucipher“) mit einer Schlüssellänge von 128 bit. Da die amerikanische „National Security Agency“ (NSA) dafür gesorgt hatte, daß der DES eine Schlüssellänge von lediglich 64 bit besitzt, von denen nur 56 bit relevant sind, und spezielle Substitutionsboxen (den „kryptographischen Kern“ des Verfahrens) erhielt, deren Konstruktionskriterien von der NSA nicht veröffentlicht wurden, war das Verfahren von Beginn an umstritten. Kritiker nahmen an, daß es eine geheime „Trapdoor“ in dem Verfahren gäbe, die der NSA eine OnlineEntschlüsselung auch ohne Kenntnis des Schlüssels erlauben würde. Zwar ließ sich dieser Verdacht nicht erhärten, aber sowohl die Zunahme von Rechenleistung als auch die Parallelisierung von Suchalgorithmen machen heute eine Schlüssellänge von 56 bit zum Sicherheitsrisiko. Zuletzt konnte 1998 mit einer von der „Electronic Frontier Foundation“ (EFF) entwickelten Spezialmaschine mit 1.800 parallel arbeitenden, eigens entwickelten Krypto-Prozessoren ein DES-Schlüssel in einer Rekordzeit von 2,5 Tagen gefunden werden. Um einen Nachfolger für den DES zu finden, kündigte das NIST am 2. Januar 1997 die Suche nach einem „Advanced Encryption Standard“ (AES) an. Ziel dieser Initiative ist, in enger Kooperation mit Forschung und Industrie ein symmetrisches Verschlüsselungsverfahren zu finden, das geeignet ist, bis weit ins 21. Jahrhundert hinein amerikanische Behördendaten wirkungsvoll zu verschlüsseln. Dazu wurde am 12. September 1997 ein offizieller „Call for Algorithm“ ausgeschrieben. An die vorzuschlagenden symmetrischen Verschlüsselungsalgorithmen wurden die folgenden Anforderungen gestellt: nicht-klassifiziert und veröffentlicht, weltweit lizenzfrei verfügbar, effizient implementierbar in Hardund Software, Blockchiffren mit einer Blocklänge von 128 bit sowie Schlüssellängen von 128, 192 und 256 bit unterstützt. Auf der ersten „AES Candidate Conference“ (AES1) veröffentlichte das NIST am 20. August 1998 eine Liste von 15 vorgeschlagenen Algorithmen und forderte die Fachöffentlichkeit zu deren Analyse auf. Die Ergebnisse wurden auf der zweiten „AES Candidate Conference“ (22.-23. März 1999 in Rom, AES2) vorgestellt und unter internationalen Kryptologen diskutiert. Die Kommentierungsphase endete am 15. April 1999. Auf der Basis der eingegangenen Kommentare und Analysen wählte das NIST fünf Kandidaten aus, die es am 9. August 1999 öffentlich bekanntmachte: MARS (IBM) RC6 (RSA Lab.) Rijndael (Daemen, Rijmen) Serpent (Anderson, Biham, Knudsen) Twofish (Schneier, Kelsey, Whiting, Wagner, Hall, Ferguson).

Advanced Encryption Standard (AES).

Throughout the last century, the automobile industry achieved remarkable milestones in manufacturing reliable, safe, and affordable vehicles. Because of significant recent advances in computation and communication technologies, autonomous cars are becoming a reality. Already autonomous car prototype models have covered millions of miles in test driving. Leading technical companies and car manufacturers have invested a staggering amount of resources in autonomous car technology, as they prepare for autonomous cars’ full commercialization in the coming years. However, to achieve this goal, several technical and nontechnical issues remain: software complexity, real-time data analytics, and testing and verification are among the greater technical challenges; and consumer stimulation, insurance management, and ethical/moral concerns rank high among the nontechnical issues. Tackling these challenges requires thoughtful solutions that satisfy consumers, industry, and governmental requirements, regulations, and policies. Thus, here we present a comprehensive review of state-of-the-art results for autonomous car technology. We discuss current issues that hinder autonomous cars’ development and deployment on a large scale. We also highlight autonomous car applications that will benefit consumers and many other sectors. Finally, to enable cost-effective, safe, and efficient autonomous cars, we discuss several challenges that must be addressed (and provide helpful suggestions for adoption) by designers, implementers, policymakers, regulatory organizations, and car manufacturers.

Autonomous Cars: Research Results, Issues, and Future Challenges

Pipelines are widely used for the transportation of hydrocarbon fluids over millions of miles all over the world. The structures of the pipelines are designed to withstand several environmental loading conditions to ensure safe and reliable distribution from point of production to the shore or distribution depot. However, leaks in pipeline networks are one of the major causes of innumerable losses in pipeline operators and nature. Incidents of pipeline failure can result in serious ecological disasters, human casualties and financial loss. In order to avoid such menace and maintain safe and reliable pipeline infrastructure, substantial research efforts have been devoted to implementing pipeline leak detection and localisation using different approaches. This paper discusses pipeline leakage detection technologies and summarises the state-of-the-art achievements. Different leakage detection and localisation in pipeline systems are reviewed and their strengths and weaknesses are highlighted. Comparative performance analysis is performed to provide a guide in determining which leak detection method is appropriate for particular operating settings. In addition, research gaps and open issues for development of reliable pipeline leakage detection systems are discussed.

Recent Advances in Pipeline Monitoring and Oil Leakage Detection Technologies: Principles and Approaches

The proliferation of computerized functions aimed at enhancing drivers’ safety and convenience has increased the number of vehicular attack surfaces accordingly. The fundamental vulnerability is caused by the fact that the controller area network protocol, a de facto standard for in-vehicle networks, does not support message origin authentication. Several methods to resolve this problem have been suggested. However, most of them require modification of the CAN protocol and have their own vulnerabilities. In this paper, we focus on securing in-vehicle CAN networks, proposing a novel automotive intrusion detection system (so-called VoltageIDS). The system leverages the inimitable characteristics of an electrical CAN signal as a fingerprint of the electronic control units. The noteworthy contributions are that VoltageIDS does not require any modification of the current system and has been validated on actual vehicles while driving on the road. VoltageIDS is also the first automotive intrusion detection system capable of distinguishing between errors and the bus-off attack. Our experimental results on a CAN bus prototype and on real vehicles show that VoltageIDS detects intrusions in the in-vehicle CAN network. Moreover, we evaluate VoltageIDS while a vehicle is moving.

VoltageIDS: Low-Level Communication Characteristics for Automotive Intrusion Detection System

Pipeline corrosion and leakage monitoring based on the distributed optical fiber sensing technology

Gas leaks can cause major incidents resulting in both human injuries and financial losses. To avoid such situations, a considerable amount of effort has been devoted to the development of reliable techniques for detecting gas leakage. As knowing about the existence of a leak is not always enough to launch a corrective action, some of the leak detection techniques were designed to allow the possibility of locating the leak. The main purpose of this paper is to identify the state-of-the-art in leak detection and localization methods. Additionally we evaluate the capabilities of these techniques in order to identify the advantages and disadvantages of using each leak detection solution.

https://www.aut.upt.ro/~pal-stefan.murvay/papers/survey_gas_leak_detection_localization_techniques.pdf

A survey on gas leak detection and localization techniques

The CAN (Controller Area Network) bus, i.e., the de facto standard for connecting ECUs inside cars, is increasingly becoming exposed to some of the most sophisticated security threats. Due to its broadcast nature and ID oriented communication, each node is sightless in regards to the source of the received messages and assuring source identification is an uneasy challenge. While recent research has focused on devising security in CAN networks by the use of cryptography at the protocol layer, such solutions are not always an alternative due to increased communication and computational overheads, not to mention backward compatibility issues. In this work we set steps for a distinct approach, namely, we try to take authentication up to unique physical characteristics of the frames that are placed by each node on the bus. For this we analyze the frames by taking measurements of the voltage, filtering the signal and examining mean square errors and convolutions in order to uniquely identify each potential sender. Our experimental results show that distinguishing between certain nodes is clearly possible and by clever choices of transceivers and frame IDs each message can be precisely linked to its sender.

/pdf/source-identification-using-signal-characteristics-in-1epv1ckfh1.pdf

Source Identification Using Signal Characteristics in Controller Area Networks

Due to its cost efficiency, the controller area network (CAN) is still the most wide-spread in-vehicle bus, and the numerous reported attacks demonstrate the urgency in designing new security solutions for CAN In this paper, we propose an intrusion detection mechanism that takes advantage of Bloom filtering to test frame periodicity based on message identifiers and parts of the data-field which facilitates detection of potential replay or modification attacks This proves to be an effective approach since most of the traffic from in-vehicle buses is cyclic in nature and the format of the data-field is fixed due to rigid signal allocation Bloom filters provide an efficient time-memory tradeoff which is beneficial for the constrained resources of automotive grade controllers We test the correctness of our approach and obtain good results on an industry-standard CANoe-based simulation for a J1939 commercial-vehicle bus and also on CAN with flexible data-rate traces obtained from a real-world high-end vehicle The proposed filtering mechanism is straightforward to adapt for any other time-triggered in-vehicle bus, eg, FlexRay, since it is built on time-driven characteristics

Efficient Intrusion Detection With Bloom Filtering in Controller Area Networks

Vehicles cannot be secured while the in-vehicle network remains insecure. The growing number of attacks reported each year shows that in-vehicle buses are not isolated from the outside world. By exploiting their lack of security, adversaries can gain control over virtually any functionality inside the car. We discuss the most promising approaches for assuring security on the controller area network (CAN) bus after a decade of attacks and security proposals. Most of the proposals are based on cryptographic mechanisms, but some exploit the physical layer or even the physical characteristics of the controllers. The surveyed solutions prove a significant degree of maturity and sophistication, which suggests that the moment for adoption and standardization by the industry has come.

Security Solutions for the Controller Area Network: Bringing Authentication to In-Vehicle Networks

In the recent years, countless security concerns related to automotive systems were revealed either by academic research or real life attacks. While current attention was largely focused on passenger cars, due to their ubiquity, the reported bus-related vulnerabilities are applicable to all industry sectors where the same bus technology is deployed, i.e., the CAN bus. The SAE J1939 specification extends and standardizes the use of CAN to commercial vehicles where security plays an even higher role. In contrast to empirical results that attest such vulnerabilities in commercial vehicles by practical experiments, here, we determine that existing shortcomings in the SAE J1939 specifications open road to several new attacks, e.g., impersonation, denial of service (DoS), distributed DoS, etc. Taking the advantage of an industry-standard CANoe based simulation, we demonstrate attacks with potential safety critical effects that are mounted while still conforming to the SAE J1939 standard specification. We discuss countermeasures and security enhancements by including message authentication mechanisms. Finally, we evaluate and discuss the impact of employing these mechanisms on the overall network communication.

Pal-Stefan Murvay

Papers

A survey on gas leak detection and localization techniques

Source Identification Using Signal Characteristics in Controller Area Networks

Efficient Intrusion Detection With Bloom Filtering in Controller Area Networks

Security Solutions for the Controller Area Network: Bringing Authentication to In-Vehicle Networks

Security Shortcomings and Countermeasures for the SAE J1939 Commercial Vehicle Bus Protocol