Master Thesis: Using stateful information in an automotive Ethernet IDS to prevent attacks i Lund

At Bosch, we shape the future by inventing high-quality technologies and services that spark enthusiasm and enrich people’s lives. Our promise to our associates is rock-solid: we grow together, we enjoy our work, and we inspire each other. Join in and feel the difference.

Bosch R&D Center Lund stands for modern development in cutting edge technology in the areas of connectivity, security, mobility solutions and AI. We are growing rapidly and looking for people to join us on our mission to become the Bosch Group’s 1st address for secure connected mobility solutions. We are working on a range of interesting projects, with a particular focus on software development for the automotive industry, electrical bicycles and Internet of Things.

Problem statement
The emergence of smart, connected and software defined vehicles have highlighted the need for improved automotive security. The in-vehicle network, which was previously isolated from any external attacks have in recent years become more exposed, requiring state-of-the art solutions in order to protect the communication integrity.  In Lund, we develop an Ethernet based firewall which is a first line of defense against external attacks. The second line of defense is to monitor malicious traffic inside the car, utilizing further detection capabilities such as deep packet inspection together with an intricate knowledge of the expected behavior. The aim of this thesis is to investigate threat models and detection techniques requiring session and/or sequence knowledge (so called stateful information) for an Ethernet based intrusion detection system.

Proposed solution
The work in this thesis will explore

• Threat models for automotive Ethernet focusing on
  o    Threats that exist after applying state-of-the-art preventative measures such as firewalling, VLAN segmentation, static MAC/IP addressing etc.
  o    Threats relevant to E/E architectures such as Diagnostics over IP (DoIP), Advanced Driver-Assistance System (ADAS) functions and backbone topologies.
• Detection techniques for the most relevant threats
  o    Consider their application in an embedded resource constrained execution environment
  o    Consider that resources for stateful inspection are available
• A system outline of an Ethernet based intrusion detection system by
  o    Drawing on knowledge and synergies from the existing product’s detection features (CAN IDS and Ethernet Firewall)
  o    Implementing a subset of identified detection techniques for Ethernet traffic

You will of course have the opportunity to shape the thesis based on your knowledge, skills and discoveries during the project.

In order to be successful in the project with think you are:

• A student in Information Technology, Computer Science, Electronics, Math or Physics.
• Interested in algorithm development and have experience with or have at least some knowledge of programming in embedded systems.
• Self-driven, with an analytical mindset who can challenge yourself, and gain the experience needed to move the project forward.
• A person with team spirit, social skills and a curiosity for exploring new technology areas.
• Proficient in English.

We are looking forward to receiving your application!
Start: according to prior agreement
Duration: 6 months
Scope: 1-2 student(s) completing 30 credits (20 weeks) onsite at the Lund office

Requirement for this thesis is the enrollment at University. Please attach a motivation letter, your CV, transcript of records, examination regulations and if indicated a valid work and residence permit.