Workshops - escar Europe 2021

The workshops are taking place November 10th, 09:00am - 12:00am.

They are held parallel to our social program and are not overlapping with the presentations. The conference starts November 10th 01:00pm.

In order to guarantee a good workshop atmosphere and for you to be able to gain new insights or deepen your knowledge successfully the number of participants is limited to 35 in each workshop.

Workshops

Workshop Fee
On site:   EUR 299,00 (plus VAT 19%)
Virtual:    EUR 189,00 (plus VAT 19%)
Please note: the workshops are not included in the conference fee.

Workshop 1: What’s next? Automotive security in the post-quantum era (Efstathia Katsigianni)

Asymmetric cryptography is now in widespread use in the automotive industry but algorithms that are secure today can be broken by the quantum computers of tomorrow. Although a breakthrough in quantum computing is still some years away, the transition to quantum-secure systems is a challenging and time-consuming process.

Outline of the workshop:

  1. Introduction and background
    • What is quantum computing, why can Quantum computers break today’s security, current status
    • How is asymmetric cryptography used in the automotive context, what are the challenges that arise by a change of the underlying cryptography
  2. Post-quantum algorithms
    • General introduction to the NIST competition and in-depth analysis of promising candidates
      • Comparison with classic schemes
      • Achieved security
      • Side-channel attacks
  3. Automotive Use case concrete use case example
    • How can a PQ-algorithm be used and what are the resulting challenges?

Workshop 2: UN R 155 and beyond: Measure, build, and improve your CSMS with the PROOF maturity model (Moritz Minzlaff & Jan Stölting)

The automotive industry is moving full speed ahead towards the software defined car. Security is a key discipline in this change: Manufacturers and suppliers with a high cyber maturity will be more competitive. This is why we’ve developed the PROOF maturity model with mappings to relevant regulation and standards such as the UN Regulation 155 and the ISO/SAE 21434.

In this workshop, we address key questions such as how ready is an organization for upcoming regulation and cybersecurity in the age of software defined cars? Who are the critical suppliers and are they mature enough? How to ensure that security awareness translates into actual improvements of the product security organization? This workshop provides participants with insights and tools how to measure, build, and improve the maturity of their cybersecurity management system (CSMS).

We aim for an interactive workshop with hands-on demonstrations, so we are eager to hear from you and receive your input.

Outline of the workshop:

  1. Introduction
    • Latest news on UN R 155 and ISO/SAE 21434
    • Key results from ESCRYPT & KPMG’s global Automotive CSMS survey 2021
    • Product security regulations and standardization regionally and internationally
  2. Focus sessions incl. hands-on demonstrations
    • Measure the maturity your security organization and your supply chain with the PROOF maturity model, check conformance to standards, and demonstrate your capabilities to third parties.
    • Build your cybersecurity management system (CSMS) in eight steps according to your vehicle security vision and related requirements.
    • Improve your CSMS to increase efficiency and to exploit synergies with other management systems such as QMS, ISMS, SUMS.
  3. Conclusions

Workshop 3: Automotive Security Testing (Tobias Brennich)

With ISO/SAE 21434 and UNECE WP.29 on the horizon, the IT security of vehicles will become mandatory for type approval. On the one hand, security engineering processes integrate security considerations into every new development, but on the other hand security testing is of equal importance. Security tests provide an additional verification of the security concept and security measures, they ensure that security requirements are implemented correctly and that there are no open vulnerabilities that have been overlooked before. The overall goal is to identify and fix an many flaws as possible before vehicles hit the road and others may find them. In this workshop we are giving a detailed overview about security testing in the automotive area: What it is, why it differs from classical software testing, how it can be done, which methods/tools exist and will also present some practical examples.

Outline of the workshop:

  1. General introduction
    • Definition
    • Importance of security testing
    • Comparison to classical software testing
  2. Detailed technical introduction
    • Introduction to the various security testing methods and tools
    • Comparison between manual (expert-based) and automated (tool-based) testing methods
    • Continuous integration testing
    • Automotive specific topics
  3. Definition of meaningful security testing strategies
  4. Practical examples