The SMEP Attack
Abstract
Automotive switches offer management interfaces for reconfiguration via Ethernet, making these interfaces critical security targets. Authentication and key agreement are essential to protect these interfaces, yet proprietary management protocols exhibit varying levels of security. This talk presents a case study from 2022, where we discovered a severe vulnerability in a vendor’s implementation, leading to a complete breakdown of security. We will detail the vulnerability, which stemmed from an unsuitable application of textbook RSA, and explain how we’ve disclosed the vulnerability to the vendor and collaborated with them to develop a secure, fixed version of the protocol.
Friedrich Wiemer
PhD
Security Expert In-Vehicle Communication
CEO and Co-Founder
My research interests include the design and analysis of symmetric primitives as well as cryptographic protocols for in-vehicle networks.