Best Research Paper Award for ATHENE researchers


The paper "Analyzing and Securing SOME/IP Automotive Services with Formal and Practical Methods", written by ATHENE researchers Timm Lauser, Dustin Kern and Prof. Christoph Krauß, all of Darmstadt University of Applied Sciences, and Daniel Zelle, Fraunhofer SIT, was awarded with the Best Research Paper Award at the "International Conference on Availability, Reliability and Security", ARES for short.

In the paper, the researchers describe a formal and practical security analysis of the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware - software that is used in many cars today to augment communications in our state-of-the-art vehicles. In addition to the security analysis, they identify possible attack scenarios and propose two security enhancements.

Automotive Ethernet is increasingly used in modern vehicles and complements or replaces legacy bus systems such as CAN. Ethernet also enables service-oriented communication with the Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. In this paper, we present a formal and practical security analysis of Scalable service-Oriented MiddlewarE over IP (SOME/IP), the identified Man-in-the-Middle (MITM) attacks, and propose two security extensions. The attacks are possible even if SOME/IP is used in combination with link layer security mechanisms. The attacker can impersonate a service offering server and a service consuming client. The two most common communication methods, request/response and publish/subscribe, are both vulnerable. In most communication scenarios, we are able to route all messages over the attacker. Our security extensions for authentication and authorization of service provisioning and usage protect against these attacks. We formally analyze the security and evaluate the overhead with practical implementations.

PDF of the paper

ARES 2021 was held August 17-20 as a virtual conference.

show all news