Presentation handouts Download here Participant only

Download Deadline:Novenber 30th 2018 (Japan time)

What's escar Asia

Automakers around the world face a pressing need for security measures. They are unlikely to be able to meet this need without massive changes to automotive development processes and structures. What are needed are new initiatives to build positive relations with hackers. Development of self-driving technologies has been accompanied by a movement toward demanding use of over-the-air software upgrades and intrusion detection systems (IDS). Security measures are undergoing rapid progress. Failure to ascertain the latest information could be fatal.

The Embedded Security in Cars Conference (escar) is an international symposium on information security focusing on the automotive field. It has been held in Europe for more than 10 years. Security engineers from around the world gather at escar to present and discuss the latest information in the field. The Asian version of the conference, escar Asia, was held first in Japan in 2014. escar Asia will be haled for the fifth time on October 3-4, 2018. It provides an opportunity to hear detailed explanations from the world’s foremost authorities on the latest trends in this field that is progressing at a bewildering pace around the world.

Outline

Title escar Asia 2018
World leading automotive security conference
Dates October 3rd to 4th, 2018
Time 3rd 10:00-16:45 (open:9:30) *TBD
4th 10:00-17:30 (open:9:30) *TBD
※Networking party heid after the seminar on october 3rd(17:00-18:30).
Venue Hotel Gajoen Tokyo, Japan MAP ↗
Language English / Japanese *Simultaneous interpretation is attached
Organizer Nikkei Automotive
Co-Organizer ESCRYPT, ETAS, ISITS (alphabetical order)
Sponsorship Airbiquity, ETAS, Infineon Technologies Japan, irdeto,
PwC Consulting, Riscure, Synopsys,
Ubiquitous AI Corporation

Program

  • *We will hold a networking party after the seminar on october 3rd.
    This year, Call for Paper presentation session is newly started.
First day ― October 3 (Wed)
10:00 - 10:50
Japan's security policy
Cyber security strategy and background
山内 智生 氏

Cabinet Secretariat
National center of Incident readiness and Strategy for Cybersecurity.(NISC)
Deputy Director-General
Dr. Tomoo Yamauchi


* This session was lectured by Ms. Yoshida Kyoko who is Counselior Strategy and Policy Planning, National Center of Incident readiness and Strategy for Cybersecurity. (NISC) , Cabinet Secretariat due to circumstances of Mr. Yamauchi.
11:00 - 11:55
Overview and status of ISO-SAE 21434 - "Road vehicles:Cybersecurity Engieerling"

This presentation will provide an update on the latest work taking place on the ISO/SAE 21434 Road Vihicle: Cybersecurity Engineerng by the joint SAE/ISO task force. An ovweview of the latest development activities for relese of the standard.

Christopher Clark 氏

SAE International
Member of Standardisation Board, Cybersecurity Assurance Testing Task Force
Mr. Christopher Clark

11:55 - 13:30

Lunch

Luncheon Seminar (12:10 - 12:40)

* We serve lunch box to those who will listen to the sponsored lecture.

Security protection strategy of Intelligent connected vehicle communication based on IEEE1609.2 standard
Mr. Ryan Wu

OnBoard Security Inc
Business Development Director
Mr. Ryan Wu

13:30 - 14:00
Submitted lecture 1
Proposal of Anomaly Detection Method "Cumulative Sum Detection" for In-Vehicle Networks

This paper proposes cumulative sum detection,which can detect cyber-attacks on Controller Area Network (CAN). Well-known existing attack detection techniques for in-vehicle networks include cycle detection and delayed-decision cycle detection. These techniques cause false positives and false negatives when there are long delays or early arrivals involving usual periodic message reception. The proposed technique can detect attacks with almost no false positives or false negatives, that is, highly accurately even when there are a long delays or early arrivals. This paper evaluates thedetection accuracy of existing techniques and theproposed technique using computer simulation withCAN data obtained from actual vehicles. By considering the evaluation result and the ease of parameter adjustment, we show that the cumulative sum detection is the best of these techniques.

名前 氏

FUJITSU Laboratories
Cyber Security Project, Security Research Laboratory
Senior Researcher
Mr. Jun Yajima

14:00 - 14:30
Submitted lecture 2
A Study on the Applicability of the Lesamnta-LW Lightweight Hash Function to TPMS

The Tire Pressure Monitoring System (TPMS) is used to monitor the pressure of the tires and to inform the driver of it. This equipment is mandatory for vehicles in US and EU. To ensure the security of TPMS, it is important to reduce the cost of the cryptographic mechanisms implemented in resourced-constrained devices. To address this problem, previous work has proposed countermeasures employing lightweight block ciphers such as PRESENT, SPECK, or KATAN. However, it is not clear to us that any of these works have addressed the issues of software optimization that considers TPMS-packet protection as well as session key updates for architectures consisting of the vehicle TPMS ECU and four low-cost TPM sensors equipped with the tires. In this paper, we propose to application of the ISO/IEC 29192-5 lightweight hash function Lesamnta-LW to address this issue. Our approach is to apply the known method of converting Lesamnta-LW to multiple independent pseudo-random functions (PRFs) in TPMS. In our case, we generate five PRFs this way and then use one PRF for MAC-generation and four for key derivation. Although we follow the NIST SP 800-108 framework of converting PRFs to key derivation functions, we confirm the significant advantage of Lesamnta-LW-based PRFs over HMAC-SHA-256 by evaluating the performance on AVR 8-bit micro-controllers, on which we consider simulating TPMS sensors. We expect that our method to achieve multiple-purposes with a single cryptographic primitive will help to reduce the total implementation cost required for TPMS security.

Yuhei Watanabe 氏

National Institute of Advanced Industrial Science and Technology(AIST)
AIST Postdoctoral Researcher
Dr. Yuhei Watanabe

14:35 - 15:30
Passive Keyless Entry
The Relay Attack & Emerging Solutions
Richard Billyeald 氏

Thatcham Research
Chief Technical Officer
Mr. Richard Billyeald

15:50 - 16:45
Analyzing the Security of Cars Efficiently
Niek Timmers

Riscure
Principal Security Analyst
Mr. Niek Timmers

17:00 - 18:30

Networking party

the 2nd day ― October 4 (Thur)
10:00 - 10:55
Service communication - a new communication paradigm creates new security challenges

As vehicle functions increase in complexity due to increased ADAS functionality and online updatability, OEMs are looking towards new technologies to adjust to the new requirements. One such technology is service communication which introduces an entirely new communication paradigm alongside the well-established signal communication. While for the latter many security mechanisms have been proposed and implemented in the field in recent years, this new form of communication introduces an additional set of security challenges to which the currently known techniques do not apply. We provide an overview of the mechanisms of service communication, what kind of new security requirements arise from it and what unique limitations are placed on the necessary additional security mechanisms due to their implementation inside a vehicle. We then provide a sketch of a solution which fulfills the security requirements while staying within the boundaries that the previously described limitations provide.

Alexander Tschache

Volkswagen
Vehicle security engineer
Mr. Alexander Tschache

11:00 - 11:55
Vehicle E&E Architecture Specific Security Features Configuration Strategy
Ashis Patra 氏

Cyber Security experts,
TATA Motors Ltd, PV Engineering
Mr. Ashis Patra

11:55 - 13:00

Lunch

Luncheon Seminar (12:05 - 12:35)

* We serve lunch box to those who will listen to the sponsored lecture.

Security measures through product life cycle in connected cars
Mr. ken Okuyama

PwC Consulting
Manager
Mr. ken Okuyama

13:00 - 13:30
Submitted lecture 3
Real-Time Electrical Data Forgery in In-vehicle Controller Area Network Bus

A Controller Area Network (CAN) is a bus standard for embedded devices that is widely used in-vehicle networks. CANs are equipped with a bit monitoring mechanism that determines if intended data are transmitted. Therefore, CANs are difficult to attack, such as rewriting data in real-time. However, attacks on analog signals carrying digital data (i.e.,attacks that manipulate the potential difference on CAN Bus) are possible. We show the theory of Real-Time Electrical Data Forgery in CAN Bus where the transmitted data can be manipulated by some attacker and the resultant data is received as the attacker intended while the sending side recognizes that the transmitted data arrives at the receiving side as it is. In addition, we demonstrate that this attack is possible on an in-vehicle CAN bus. Furthermore, we discuss replacement type electrical data falsification, which is a more advanced attack with high attack success probability, and highlight the need for improved security measures.

Kazuki Shirai 氏

Yokohama National University
Graduate School of Environment and Information Sciences

Mr. Kazuki Shirai

13:30 - 14:00
Submitted lecture 4
An Analysis of Open-Source Software Risks in the Automotive Industry

Open-source software is prevalent in various industries and is also increasing in the automotive industry especially for infotainment systems. There are several benefits with open-source software that allows innovation while reducing costs for non-competitive technologies. However, with more than 100 million lines of code in a modern vehicle and a complex supply chain involving multiple software suppliers it is imperative to understand what software is included and what risks exist in the software. We propose how two software composition analysis solutions can be used by OEMs and suppliers to understand the included open-source software components and the associated security and license risks. To give examples of how the software composition analysis works, we analyzed ten automotive software packages. All ten software contain open-source components with critical vulnerabilities. Finally, we discuss best practices for managing open-source risk across the automotive supply chain.

Dennis Kengo Oka 氏

Nihon Synopsys
Sr.Solution Architect, Software Group
Dr. Dennis Kengo Oka

14:15 - 15:10
Block Chain Technology for EV charging station with ChubuElectric Power
Mr. Kenichi Kurimoto

Nayuta
CEO
Mr. Kenichi Kurimoto

15:15 - 16:10
Cyber Security, the dynamic change in front of us.

Today, the automotive industry faces many issues. Traffic accident fatalities, CO2 emissions, disruptive technologies, to just name a few. The change in front of us is dynamic and yet so drastic that we may have to change our way of thinking. What are the changes in front of us? And what kind of challenge does this change bring? From this bigger picture, let’s take out the aspect of vehicle connectivity and think about what could be the future of cyber security that the automotive world needs.

名前 氏

Continental Automotive Japan
Head of Segment 3, Japanese OEMs Body & Security
Interior Japan
Mr. Hideya Aoki

16:30 - 17:30
Panel Discussion "UN WP 29"

· Automotive security certification;
 Third party or self-certification or Government agency
· Target of FOTA; Whole ADAS or a part of function
· Required security level at level 2
· Inspection and maintenance

Panelists

Niek Timmers

Riscure
Principal Security Analyst
Mr. Niek Timmers

Alexander Tschache

Volkswagen
Vehicle security engineer
Mr. Alexander Tschache

Ashis Patra 氏

Cyber Security experts,
TATA Motors Ltd, PV Engineering
Mr. Ashis Patra

名前 氏

Continental Automotive Japan
Head of Segment 3, Japanese OEMs Body & Security
Interior Japan
Mr. Hideya Aoki


Moderator

氏

BOSCH
Section Manager Group3,
AE-BE Application Engineering Dept.
Automotive Electronics (AE) Div.
Dr. Camille VUILLAUME

■Attention
  • *Lunch is not included.But,if you will attend the luncheon seminar provided by the sponsors, we are planning to offer box lunch.
  • *We will hold a networking party after the seminar on october 3rd.
  • *We will accept applications only for those who can agree to provide registration information and will provide third parties to the following co-organizers and co-sponsors including overseas. Each company may use it for direct guidance (products / services, exhibitions, seminar events, etc.), surveys and so on.
     ESCRYPT
     ISITS (Germany)
     ETAS
     PwC Consulting
     Synopsys
  • For the privacy policy of Nikkei BP (Nikkei Automotive) please refer to this website,
    ≫ http://www.nikkeibp.com/privacy.html
  • *Soon as it becomes fully booked, we will be closed accepting applications. Please apply as soon as possible.
■Payment

We will accept only the credit card payment at web site.
Please carry out registration-mail printing as the Attendance Certificate on the day.

We can not accept cancellation after application, refund after remittance. Please attend on behalf of you.
Transportation and accommodation expenses to the venue will be borne by the person taking this event.
Sudden diseases of instructors etc, natural disasters and other force majeure, other unavoidable circumstances, we may cancel. In this case, the registration fee will be refunded.

≫ Please contact us by using the form

Co-Organizer

ESCRYPT ETAS ISITS

*escar is a trademark of isits

Sponsorship

Airbiquity ETAS Infineon irdeto PwC Consulting Riscure Synopsys Ubiquitous AI Corporation