The SMEP Attack
Zusammenfassung
Automotive switches offer management interfaces for reconfiguration via Ethernet, making these interfaces critical security targets. Authentication and key agreement are essential to protect these interfaces, yet proprietary management protocols exhibit varying levels of security. This talk presents a case study from 2022, where we discovered a severe vulnerability in a vendor’s implementation, leading to a complete breakdown of security. We will detail the vulnerability, which stemmed from an unsuitable application of textbook RSA, and explain how we’ve disclosed the vulnerability to the vendor and collaborated with them to develop a secure, fixed version of the protocol.
Friedrich Wiemer
Dr
Security Experte In-Vehicle Kommunikation
Geschäftsführer und Gründer
Meine Forschungsinteressen beinhalten das Design und die Analyse von symmetrischen Primitiven und von kryptographischen Protokollen für die Nutzung im Fahrzeugnetzwerk. In meiner Freizeit fotografiere ich oder spiele mit technischen Projekten.