-
Coordinating Cooperative Perception in Urban Air Mobility for Enhanced Environmental Awareness
Authors:
Timo Häckel,
Luca von Roenn,
Nemo Juchmann,
Alexander Fay,
Rinie Akkermans,
Tim Tiedemann,
Thomas C. Schmidt
Abstract:
The trend for Urban Air Mobility (UAM) is growing with prospective air taxis, parcel deliverers, and medical and industrial services. Safe and efficient UAM operation relies on timely communication and reliable data exchange. In this paper, we explore Cooperative Perception (CP) for Unmanned Aircraft Systems (UAS), considering the unique communication needs involving high dynamics and a large numb…
▽ More
The trend for Urban Air Mobility (UAM) is growing with prospective air taxis, parcel deliverers, and medical and industrial services. Safe and efficient UAM operation relies on timely communication and reliable data exchange. In this paper, we explore Cooperative Perception (CP) for Unmanned Aircraft Systems (UAS), considering the unique communication needs involving high dynamics and a large number of UAS. We propose a hybrid approach combining local broadcast with a central CP service, inspired by centrally managed U-space and broadcast mechanisms from automotive and aviation domains. In a simulation study, we show that our approach significantly enhances the environmental awareness for UAS compared to fully distributed approaches, with an increased communication channel load, which we also evaluate. These findings prompt a discussion on communication strategies for CP in UAM and the potential of a centralized CP service in future research.
△ Less
Submitted 22 May, 2024; v1 submitted 6 May, 2024;
originally announced May 2024.
-
A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks
Authors:
Philipp Meyer,
Timo Häckel,
Teresa Lübeck,
Franz Korf,
Thomas C. Schmidt
Abstract:
Connected cars are susceptible to cyberattacks. Security and safety of future vehicles highly depend on a holistic protection of automotive components, of which the time-sensitive backbone network takes a significant role. These onboard Time-Sensitive Networks (TSNs) require monitoring for safety and -- as versatile platforms to host Network Anomaly Detection Systems (NADSs) -- for security. Still…
▽ More
Connected cars are susceptible to cyberattacks. Security and safety of future vehicles highly depend on a holistic protection of automotive components, of which the time-sensitive backbone network takes a significant role. These onboard Time-Sensitive Networks (TSNs) require monitoring for safety and -- as versatile platforms to host Network Anomaly Detection Systems (NADSs) -- for security. Still a thorough evaluation of anomaly detection methods in the context of hard real-time operations, automotive protocol stacks, and domain specific attack vectors is missing along with appropriate input datasets. In this paper, we present an assessment framework that allows for reproducible, comparable, and rapid evaluation of detection algorithms. It is based on a simulation toolchain, which contributes configurable topologies, traffic streams, anomalies, attacks, and detectors. We demonstrate the assessment of NADSs in a comprehensive in-vehicular network with its communication flows, on which we model traffic anomalies. We evaluate exemplary detection mechanisms and reveal how the detection performance is influenced by different combinations of TSN traffic flows and anomaly types. Our approach translates to other real-time Ethernet domains, such as industrial facilities, airplanes, and UAVs.
△ Less
Submitted 2 May, 2024;
originally announced May 2024.
-
A Multilayered Security Infrastructure for Connected Vehicles -- First Lessons from the Field
Authors:
Timo Häckel,
Philipp Meyer,
Lukas Stahlbock,
Falk Langer,
Sebastian A. Eckhardt,
Franz Korf,
Thomas C. Schmidt
Abstract:
Connected vehicles are vulnerable to manipulation and a broad attack surface can be used to intrude in-vehicle networks from anywhere on earth. In this work, we present an integrated security infrastructure comprising network protection, monitoring, incident management, and counteractions, which we built into a prototype based on a production car. Our vehicle implements a Software-Defined Networki…
▽ More
Connected vehicles are vulnerable to manipulation and a broad attack surface can be used to intrude in-vehicle networks from anywhere on earth. In this work, we present an integrated security infrastructure comprising network protection, monitoring, incident management, and counteractions, which we built into a prototype based on a production car. Our vehicle implements a Software-Defined Networking Ethernet backbone to restrict communication routes, network anomaly detection to make misbehavior evident, virtual controller functions to enable agile countermeasures, and an automotive cloud defense center to analyse and manage incidents on vehicle fleets. We present first measurements and lessons learned from operating the prototype: many network attacks can be prevented through software-defined access control in the backbone; anomaly detection can reliably detect misbehavior but needs to improve on false positive rate; controller virtualization needs tailored frameworks to meet in-car requirements; and cloud defence enables fleet management and advanced countermeasures. Our findings indicate attack mitigation times in the vehicle from 257 ms to 328 ms and from 2,168 ms to 2,713 ms traversing the cloud.
△ Less
Submitted 16 October, 2023;
originally announced October 2023.
-
Authenticated and Secure Automotive Service Discovery with DNSSEC and DANE
Authors:
Mehmet Mueller,
Timo Häckel,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robu…
▽ More
Automotive softwarization is progressing and future cars are expected to operate a Service-Oriented Architecture on multipurpose compute units, which are interconnected via a high-speed Ethernet backbone. The AUTOSAR architecture foresees a universal middleware called SOME/IP that provides the service primitives, interfaces, and application protocols on top of Ethernet and IP. SOME/IP lacks a robust security architecture, even though security is an essential in future Internet-connected vehicles. In this paper, we augment the SOME/IP service discovery with an authentication and certificate management scheme based on DNSSEC and DANE. We argue that the deployment of well-proven, widely tested standard protocols should serve as an appropriate basis for a robust and reliable security infrastructure in cars. Our solution enables on-demand service authentication in offline scenarios, easy online updates, and remains free of attestation collisions. We evaluate our extension of the common vsomeip stack and find performance values that fully comply with car operations.
△ Less
Submitted 27 March, 2023;
originally announced March 2023.
-
Dynamic Service-Orientation for Software-Defined In-Vehicle Networks
Authors:
Timo Häckel,
Philipp Meyer,
Mehmet Mueller,
Jan Schmitt-Solbrig,
Franz Korf,
Thomas C. Schmidt
Abstract:
Modern In-Vehicle Networks (IVNs) are composed of a large number of devices and services linked via an Ethernet-based time-sensitive network. Communication in future IVNs will become more dynamic as services can be updated, added, or removed during runtime. This requires a flexible and adaptable IVN, for which Software-Defined Networking (SDN) is a promising candidate. In this paper, we show how S…
▽ More
Modern In-Vehicle Networks (IVNs) are composed of a large number of devices and services linked via an Ethernet-based time-sensitive network. Communication in future IVNs will become more dynamic as services can be updated, added, or removed during runtime. This requires a flexible and adaptable IVN, for which Software-Defined Networking (SDN) is a promising candidate. In this paper, we show how SDN can be used to support a dynamic, service-oriented network architecture. We demonstrate our concept using the SOME/IP protocol, which is the most widely deployed implementation of automotive service-oriented architectures. In a simulation study, we evaluate the performance of SOME/IP-adaptive SDN control compared to standard Ethernet switching and non-optimized SDN. Our results show an expected overhead introduced by the central SDN controller, which is, however, reduced by up to 50% compared to SOME/IP-unaware SDN.For a large number of services, the setup time is in the order of milliseconds, which matches standard Ethernet switching. A SOME/IP-aware SDN controller can optimize the service discovery to improve adaptability, robustness, security, and Quality-of-Service of the IVN while remaining transparent to existing SOME/IP implementations.
△ Less
Submitted 24 March, 2023;
originally announced March 2023.
-
Secure Time-Sensitive Software-Defined Networking in Vehicles
Authors:
Timo Häckel,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this paper, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time…
▽ More
Current designs of future In-Vehicle Networks (IVN) prepare for switched Ethernet backbones, which can host advanced LAN technologies such as IEEE Time-Sensitive Networking (TSN) and Software-Defined Networking (SDN). In this paper, we present an integrated Time-Sensitive Software-Defined Networking (TSSDN) architecture that simultaneously enables control of synchronous and asynchronous real-time and best-effort communication for all IVN traffic classes. Despite the central SDN controller, we can validate that control can operate without a delay penalty for TSN traffic, provided protocols are properly mapped. We demonstrate how TSSDN adaptably and reliably enhances network security for in-vehicle communication. A systematic investigation of the possible control flow integrations with switched Ether-networks reveals that these strategies allow for sha** the attack surface of a software-defined IVN. We discuss embeddings of control flow identifiers on different layers, covering the range from a fully exposed map** to deep encapsulation. We experimentally evaluate these strategies in a production vehicle, which we map to a modern Ethernet topology. Our findings indicate that visibility of automotive control flows on lower network layers enables isolation and access control throughout the network infrastructure. Such a TSSDN backbone can establish and survey trust zones within the IVN and reduce the attack surface of connected cars in various attack scenarios.
△ Less
Submitted 26 August, 2022; v1 submitted 3 January, 2022;
originally announced January 2022.
-
Network Anomaly Detection in Cars: A Case for Time-Sensitive Stream Filtering and Policing
Authors:
Philipp Meyer,
Timo Häckel,
Sandra Reider,
Franz Korf,
Thomas C. Schmidt
Abstract:
Connected vehicles are threatened by cyber-attacks as in-vehicle networks technologically approach (mobile) LANs with several wireless interconnects to the outside world. Malware that infiltrates a car today faces potential victims of constrained, barely shielded Electronic Control Units (ECUs). Many ECUs perform critical driving functions, which stresses the need for hardening security and resili…
▽ More
Connected vehicles are threatened by cyber-attacks as in-vehicle networks technologically approach (mobile) LANs with several wireless interconnects to the outside world. Malware that infiltrates a car today faces potential victims of constrained, barely shielded Electronic Control Units (ECUs). Many ECUs perform critical driving functions, which stresses the need for hardening security and resilience of in-vehicle networks in a multifaceted way. Future vehicles will comprise Ethernet backbones that differentiate services via Time-Sensitive Networking (TSN). The well-known vehicular control flows will follow predefined schedules and TSN traffic classifications. In this paper, we exploit this traffic classification to build a network anomaly detection system. We show how filters and policies of TSN can identify misbehaving traffic and thereby serve as distributed guards on the data link layer. On this lowest possible layer, our approach derives a highly efficient network protection directly from TSN. We classify link layer anomalies and micro-benchmark the detection accuracy in each class. Based on a topology derived from a real-world car and its traffic definitions we evaluate the detection system in realistic macro-benchmarks based on recorded attack traces. Our results show that the detection accuracy depends on how exact the specifications of in-vehicle communication are configured. Most notably for a fully specified communication matrix, our anomaly detection remains free of false-positive alarms, which is a significant benefit for implementing automated countermeasures in future vehicles.
△ Less
Submitted 3 July, 2023; v1 submitted 21 December, 2021;
originally announced December 2021.
-
Simulation-based Evaluation of a Synchronous Transaction Model for Time-Sensitive Software-Defined Networks
Authors:
Tobias Haugg,
Mohammad Fazel Soltani,
Timo Häckel,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Real-time networks based on Ethernet require robust quality-of-service for time-critical traffic. The Time-Sensitive Networking (TSN) collection of standards enables this in real-time environments like vehicle on-board networks. Runtime reconfigurations in TSN must respect the deadlines of real-time traffic. Software-Defined Networking (SDN) moves the control plane of network devices to the SDN co…
▽ More
Real-time networks based on Ethernet require robust quality-of-service for time-critical traffic. The Time-Sensitive Networking (TSN) collection of standards enables this in real-time environments like vehicle on-board networks. Runtime reconfigurations in TSN must respect the deadlines of real-time traffic. Software-Defined Networking (SDN) moves the control plane of network devices to the SDN controller, making these networks programmable. This allows reconfigurations from a central point in the network. In this work, we present a transactional model for network reconfigurations that are synchronously executed in all network devices. We evaluate its performance in a case study against nontransactional reconfigurations and show that synchronous transactions enable consistency for reconfigurations in TSN without increased latencies for real-time frames.
△ Less
Submitted 8 October, 2021; v1 submitted 1 October, 2021;
originally announced October 2021.
-
Strategies for Integrating Controls Flows in Software-Defined In-Vehicle Networks and Their Impact on Network Security
Authors:
Timo Häckel,
Anja Schmidt,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined-Networking (SDN) has been identified as a useful building block of the vehicular domai…
▽ More
Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined-Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.
△ Less
Submitted 8 December, 2020; v1 submitted 8 October, 2020;
originally announced October 2020.
-
A QoS Aware Approach to Service-Oriented Communication in Future Automotive Networks
Authors:
Mehmet Çakır,
Timo Häckel,
Sandra Reider,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions make Quality-of-Service (QoS) agreements a vital b…
▽ More
Service-Oriented Architecture (SOA) is about to enter automotive networks based on the SOME/IP middleware and an Ethernet high-bandwidth communication layer. It promises to meet the growing demands on connectivity and flexibility for software components in modern cars. Largely heterogeneous service requirements and time-sensitive network functions make Quality-of-Service (QoS) agreements a vital building block within future automobiles. Existing middleware solutions, however, do not allow for a dynamic selection of QoS.
This paper presents a service-oriented middleware for QoS aware communication in future cars. We contribute a protocol for dynamic QoS negotiation along with a multi-protocol stack, which supports the different communication classes as derived from a thorough requirements analysis. We validate the feasibility of our approach in a case study and evaluate its performance in a simulation model of a realistic in-car network. Our findings indicate that QoS aware communication can indeed meet the requirements, while the impact of the service negotiations and setup times of the network remain acceptable provided the cross-traffic during negotiations stays below 70% of the available bandwidth.
△ Less
Submitted 5 November, 2019;
originally announced November 2019.
-
SDN4CoRE: A Simulation Model for Software-Defined Networking for Communication over Real-Time Ethernet
Authors:
Timo Häckel,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software-Defined Networking functions promises additional benefits: A programming option for TSN devices can add much…
▽ More
Ethernet has become the next standard for automotive and industrial automation networks. Standard extensions such as IEEE 802.1Q Time-Sensitive Networking (TSN) have been proven to meet the real-time and robustness requirements of these environments. Augmenting the TSN switching by Software-Defined Networking functions promises additional benefits: A programming option for TSN devices can add much value to the resilience, security, and adaptivity of the environment. Network simulation allows to model highly complex networks before assembly and is an essential process for the design and validation of future networks. Still, a simulation environment that supports programmable real-time networks is missing. This paper fills the gap by sharing our simulation model for Software-Defined Networking for Communication over Real-Time Ethernet (SDN4CoRE) and present initial results in modeling programmable real-time networks. In a case study, we show that SDN4CoRE can simulate complex programmable real-time networks and allows for testing and verifying the programming of real-time devices.
△ Less
Submitted 26 August, 2019;
originally announced August 2019.
-
DoS Protection through Credit Based Metering -- Simulation-Based Evaluation for Time-Sensitive Networking in Cars
Authors:
Philipp Meyer,
Timo Häckel,
Franz Korf,
Thomas C. Schmidt
Abstract:
Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the a…
▽ More
Ethernet is the most promising solution to reduce complexity and enhance the bandwidth in the next generation in-car networks. Dedicated Ethernet protocols enable the real-time aspects in such networks. One promising candidate is the IEEE 802.1Q Time-Sensitive Networking protocol suite. Common Ethernet technologies, however, increases the vulnerability of the car infrastructure as they widen the attack surface for many components. In this paper proposes an IEEE 802.1Qci based algorithm that on the one hand, protects against DoS attacks by metering incoming Ethernet frames. On the other hand, it adapts to the behavior of the Credit Based Sha** algorithm, which was standardized for Audio/Video Bridging, the predecessor of Time-Sensitive Networking. A simulation of this proposed Credit Based Metering algorithm evaluates the concept.
△ Less
Submitted 21 October, 2019; v1 submitted 26 August, 2019;
originally announced August 2019.
-
Software-Defined Networks Supporting Time-Sensitive In-Vehicular Communication
Authors:
Timo Häckel,
Philipp Meyer,
Franz Korf,
Thomas C. Schmidt
Abstract:
Future in-vehicular networks will be based on Ethernet. The IEEE Time-Sensitive Networking (TSN) is a promising candidate to satisfy real-time requirements in future car communication. Software-Defined Networking (SDN) extends the Ethernet control plane with a programming option that can add much value to the resilience, security, and adaptivity of the automotive environment. In this work, we deri…
▽ More
Future in-vehicular networks will be based on Ethernet. The IEEE Time-Sensitive Networking (TSN) is a promising candidate to satisfy real-time requirements in future car communication. Software-Defined Networking (SDN) extends the Ethernet control plane with a programming option that can add much value to the resilience, security, and adaptivity of the automotive environment. In this work, we derive a first concept for combining Software-Defined Networking with Time-Sensitive Networking along with an initial evaluation. Our measurements are performed via a simulation that investigates whether an SDN architecture is suitable for time-critical applications in the car. Our findings indicate that the control overhead of SDN can be added without a delay penalty for the TSN traffic when protocols are mapped properly.
△ Less
Submitted 19 March, 2019;
originally announced March 2019.
-
Inference, Learning and Attention Mechanisms that Exploit and Preserve Sparsity in Convolutional Networks
Authors:
Timo Hackel,
Mikhail Usvyatsov,
Silvano Galliani,
Jan D. Wegner,
Konrad Schindler
Abstract:
While CNNs naturally lend themselves to densely sampled data, and sophisticated implementations are available, they lack the ability to efficiently process sparse data. In this work we introduce a suite of tools that exploit sparsity in both the feature maps and the filter weights, and thereby allow for significantly lower memory footprints and computation times than the conventional dense framewo…
▽ More
While CNNs naturally lend themselves to densely sampled data, and sophisticated implementations are available, they lack the ability to efficiently process sparse data. In this work we introduce a suite of tools that exploit sparsity in both the feature maps and the filter weights, and thereby allow for significantly lower memory footprints and computation times than the conventional dense framework when processing data with a high degree of sparsity. Our scheme provides (i) an efficient GPU implementation of a convolution layer based on direct, sparse convolution; (ii) a filter step within the convolution layer, which we call attention, that prevents fill-in, i.e., the tendency of convolution to rapidly decrease sparsity, and guarantees an upper bound on the computational resources; and (iii) an adaptation of the back-propagation algorithm, which makes it possible to combine our approach with standard learning frameworks, while still exploiting sparsity in the data and the model.
△ Less
Submitted 12 March, 2020; v1 submitted 31 January, 2018;
originally announced January 2018.
-
Semantic3D.net: A new Large-scale Point Cloud Classification Benchmark
Authors:
Timo Hackel,
Nikolay Savinov,
Lubor Ladicky,
Jan D. Wegner,
Konrad Schindler,
Marc Pollefeys
Abstract:
This paper presents a new 3D point cloud classification benchmark data set with over four billion manually labelled points, meant as input for data-hungry (deep) learning methods. We also discuss first submissions to the benchmark that use deep convolutional neural networks (CNNs) as a work horse, which already show remarkable performance improvements over state-of-the-art. CNNs have become the de…
▽ More
This paper presents a new 3D point cloud classification benchmark data set with over four billion manually labelled points, meant as input for data-hungry (deep) learning methods. We also discuss first submissions to the benchmark that use deep convolutional neural networks (CNNs) as a work horse, which already show remarkable performance improvements over state-of-the-art. CNNs have become the de-facto standard for many tasks in computer vision and machine learning like semantic segmentation or object detection in images, but have no yet led to a true breakthrough for 3D point cloud labelling tasks due to lack of training data. With the massive data set presented in this paper, we aim at closing this data gap to help unleash the full potential of deep learning methods for 3D labelling tasks. Our semantic3D.net data set consists of dense point clouds acquired with static terrestrial laser scanners. It contains 8 semantic classes and covers a wide range of urban outdoor scenes: churches, streets, railroad tracks, squares, villages, soccer fields and castles. We describe our labelling interface and show that our data set provides more dense and complete point clouds with much higher overall number of labelled points compared to those already available to the research community. We further provide baseline method descriptions and comparison between methods submitted to our online system. We hope semantic3D.net will pave the way for deep learning methods in 3D point cloud labelling to learn richer, more general 3D representations, and first submissions after only a few months indicate that this might indeed be the case.
△ Less
Submitted 12 April, 2017;
originally announced April 2017.