Consideration of an Automotive Intrusion Detection Solution
Automotive IT security
Despite incremental enhancements in access opportunities to the modern, connected vehicle, their typically proprietary IT structures have long been regarded as closed systems by the automotive industry. Provisions for protection against unauthorised intrusions are often only established for specific components of automotive information technology and are based only on secrecy of the concepts and designs used. However, if these protective measures and their avoidance are known, corresponding safety loopholes can be exploited in a large number of vehicles. Especially in the context of vehicle environments, such security incidents can lead to a breach of functional safety and with it bring a threat to life and limb. A targeted consideration of such interactions and the consequent development and implementation of appropriate protection concepts are therefore urgently required and must necessarily be taken into account by the automotive industry in their development activities.
The field of activities of ServiceXpert Gesellschaft für Service-Informationssystem mbH is thus moving into the comparatively new area of automotive cyber security, which is increasingly important in light of the steadily growing complexity and connectivity of automotive IT systems and infrastructures. In the context of internal R & D activities, ServiceXpert has conducted vehicle observations concerning this matter and in relation to embedded information technology, as well as the modern Car2IT total solution, as a special target of intentional, IT-based attacks and tampering and has specifically identified the challenges of intrusion detection in the End2End line. The focus is on the ability and the necessity to be able to recognise security incidents or attacks within a Car2IT line between the vehicle at one end and the cross-domain IT infrastructure at the other. The detection of attacks by means of suitable intrusion detection systems represents an important aspect of an integrated IT security concept along with authentication and encryption, which is becoming more urgent than ever in times of increasing connectivity and increasingly frequent attacks. This relates not only to the need for intrusion detection systems for the "classic IT" components of the content and service providers involved at one end of the Car2IT line, but increasingly also to the increasing mass defence of direct attacks on the connected vehicle and its embedded components.
As a result of this investigation, the ServiceXpert team has developed a comprehensive overview of an intrusion detection solution within End2end diagnostics, in which both existing and future conceivable approaches for attack detection have been examined for their suitability, taking into account the requirements for an attack-proof Car2IT total solution.
Even since the 1990s ServiceXpert has been involved in diagnostics of technical systems. Apart from projects for well-known forklift truck producers and the development of it’s own diagnostic system “DiaMon" the ServiceXpert diagnostics team has amassed a lot of experience in military and civil diagnostics-projects. At the Hamburg Diagnostics Centre DiC, ServiceXpert combines that experience and know-how to support well-known automotive and commercial vehicle manufacturers, as well as the ESG Group, in different diagnostics projects as a Centre of Competence.
ServiceXpert, an ESG-Group company, employs over 85 staff in Hamburg and Munich. ServiceXpert is a Europe-wide operating system and software house with a focused service portfolio for Lifecycle management of EE information for leading manufacturers of commercial vehicle and their supplier industry.