| Course Unit Code | 460-4134/01 |
|---|
| Number of ECTS Credits Allocated | 5 ECTS credits |
|---|
| Type of Course Unit * | Compulsory |
|---|
| Level of Course Unit * | Second Cycle |
|---|
| Year of Study * | Second Year |
|---|
| Semester when the Course Unit is delivered | Summer Semester |
|---|
| Mode of Delivery | Face-to-face |
|---|
| Language of Instruction | Czech |
|---|
| Prerequisites and Co-Requisites | Course succeeds to compulsory courses of previous semester |
|---|
| Name of Lecturer(s) | Personal ID | Name |
|---|
| STO03 | Ing. Svatopluk Štolfa, Ph.D. |
| PLU042 | Ing. Jan Plucar, Ph.D. |
| STO231 | Ing. Jakub Štolfa, Ph.D. |
| Summary |
|---|
| The course concern is to the development of cybersecure automotive components, penetration testing, securing car to car communication, following standards from the automotive domain. Students will learn historical classic attacks, modern approaches and algorithms that can be easily use for the attack of automotive components. Course is also oriented to the methods of securing of automotive components, protection of data and anonymization of data. |
| Learning Outcomes of the Course Unit |
|---|
| The course is divided into several learning blocks: theoretical introduction, where basic terms from the cyber security will be explained, comparison of the systems that are used in automotive domain and possibility threads that can be used to attack these systems. Course graduate shall be able to understand the cybersecurity possible issues and shall be able to develop "cyber secure" automotive systems and perform possible penetration tests on them. |
| Course Contents |
|---|
Lectures:
1. Introduction to the cybersecurity: explanation of the basic terms, examples of the historical attacks, vectors of attacks.
2. Penetration testing and testing paradigm: What, how and when to test. Testing techniques and frameworks
3. Internet web services: securing application interface and management of access to the web services
4. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS)
5. Network services and home networks: surveillance systems, network security, logging of network activities.
6. Connecting of mobile devices and comunication between cars: communication protocols, attacks like "Man in the middle".
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data, basic principles of GDPR and their application in automotive domain.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM
9. The cybersecurity lifecycle - Management of cybersecurity
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion.
Practices:
1. Preparation of working environment: image of the operation system that will be used for the simulation of the attacks.
2. Introduction to the penetration testing I: overview of tools, basic examples of attacks.
3. Introduction to the penetration testing II: example of complex attack.
4. Internet web services: securing application interface and management of access to the web services
5. Network of internet robots (botnet) and cyber attacks like denial of service (DOS, DDOS): practical experiment on CAN bus
6. Network services and home networks: surveillance systems, network security, logging of network activities. Analysis of logs and looking for the non-standard behavior.
7. Management of content and securing of data: anonymization of data, secure storing of data, encryption of data.
8. The cybersecurity lifecycle - Overview of the lifecycle with reference to e.g. SAE J3061TM - definition of the development project cybersecurity lifecycle.
9. The cybersecurity lifecycle - Management of cybersecurity - planning and management of cybersecurity.
10. The cybersecurity lifecycle - Threat modelling
11. The cybersecurity lifecycle - Threat analysis and risk assessment
12. The cybersecurity lifecycle - Specification of security requirements and countermeasures
13. The cybersecurity lifecycle - Validation of cyber security
14. Summary and conclusion. |
| Recommended or Required Reading |
|---|
| Required Reading: |
|---|
Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guide-
book for Cyber-Physical Automotive Systems.
Dietmar P.F. Möller, Roland E. Haas: Guide to Automotive Connectivity and Cybersecurity: Trends, Technologies, Innovations and Applications, Springer; 1st ed. 2018 edition (November 11, 2018), ISBN-10: 331973511X
ISBN-13: 978-3319735115
Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester, 1st Edition, No Starch Press; 1 edition (March 1, 2016), ISBN-10: 9781593277031
ISBN-13: 978-1593277031 |
Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guide-
book for Cyber-Physical Automotive Systems.
Dietmar P.F. Möller, Roland E. Haas: Guide to Automotive Connectivity and Cybersecurity: Trends, Technologies, Innovations and Applications, Springer; 1st ed. 2018 edition (November 11, 2018), ISBN-10: 331973511X
ISBN-13: 978-3319735115
Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester, 1st Edition, No Starch Press; 1 edition (March 1, 2016), ISBN-10: 9781593277031
ISBN-13: 978-1593277031 |
| Recommended Reading: |
|---|
Craig Gibbs: Automotive Cybersecurity: Issues and Vulnerabilities (Transportation Issues, Policies and R&d), Nova Science Pub Inc; UK ed. edition (October 20, 2016), ISBN-10: 1634859871, ISBN-13: 978-1634859875
Shamik, Ghosh: Automotive Cybersecurity - From perceived threat to stark reality, About publishing group, July 2016
Allisa Knight: Hacking Connected Cars: Tactics, Techniques, and Procedures, 1st Edition, Wiley; 1 edition (January 30, 2019), ISBN-10: 1119491800, ISBN-13: 978-1119491804
|
Craig Gibbs: Automotive Cybersecurity: Issues and Vulnerabilities (Transportation Issues, Policies and R&d), Nova Science Pub Inc; UK ed. edition (October 20, 2016), ISBN-10: 1634859871, ISBN-13: 978-1634859875
Shamik, Ghosh: Automotive Cybersecurity - From perceived threat to stark reality, About publishing group, July 2016
Allisa Knight: Hacking Connected Cars: Tactics, Techniques, and Procedures, 1st Edition, Wiley; 1 edition (January 30, 2019), ISBN-10: 1119491800, ISBN-13: 978-1119491804
|
| Planned learning activities and teaching methods |
|---|
| Lectures, Tutorials |
| Assesment methods and criteria |
|---|
| Task Title | Task Type | Maximum Number of Points
(Act. for Subtasks) | Minimum Number of Points for Task Passing |
|---|
| Credit and Examination | Credit and Examination | 100 (100) | 51 |
| Credit | Credit | 45 | 20 |
| Examination | Examination | 55 | 30 |