Sebastian Steinhorst

Marco De Vincenzi, Mert D. Pesé, Chiara Bodei et al.

The growing reliance on software in road vehicles has led to the emergence of Software-Defined Vehicles (SDV). This work analyzes SDV security and privacy through a systematic literature review complemented by an industry questionnaire across the automotive supply chain. The analysis is structured as four research questions and results in a security framework serving as a roadmap for SDV protection. The findings emphasize addressing mixed-criticality architectural challenges, deploying layered security mechanisms, and integrating privacy-preserving techniques. The results highlight the need to harmonize in-vehicle and cloud-based defenses to strengthen cybersecurity and V2X resilience in Intelligent Transportation Systems (ITS).

Rubi Debnath, Daniel Bujosa Mateu, Luxi Zhao et al.

We present TSNBench, the first benchmark for evaluating large language model (LLM) proficiency in Time-Sensitive Networking (TSN), a suite of IEEE 802.1 standards for deterministic communication with bounded latency in safety-critical domains such as autonomous vehicles, aviation, defense, and industrial automation. While LLMs have been extensively evaluated on general knowledge tasks, their capabilities in safety-critical networking domains remain largely unexplored. TSNBench comprises 939 expert-validated multiple-choice questions (MCQs) covering diverse TSN mechanisms, along with 100 open-ended Worst-Case Delay (WCD) computation tasks for Credit-Based Shaper (CBS) and Cyclic Queuing and Forwarding (CQF) across varying network topologies and traffic conditions. MCQ answers are validated by domain experts, and open-ended ground truth WCD values are computed using a verified Network Calculus (NC) solver for CBS and closed-form mathematical upper bounds for CQF. We evaluate 16 LLMs and find that although models achieve 67 to 95% accuracy on MCQs, they fail substantially on open-ended WCD computation. For CBS, only GPT-5 achieves a Mean Absolute Percentage Error (MAPE) of 36.2%, meaning its predicted WCD deviates by 36.2% of the actual TSN flow delay on average, while most models exceed 80%. For CQF, the best model achieves 41.8% MAPE, with most models clustering between 80% and 100%. Such errors are large relative to TSN latency budgets and can lead to violations of real-time constraints and unsafe configurations. TSNBench demonstrates that MCQ benchmarks may overestimate LLM capabilities in safety-critical networking domains.

Pedram MohajerAnsari, Amir Salarpour, Michael Kühr et al.

Autonomous vehicles (AVs) rely on deep neural networks (DNNs) for critical tasks such as traffic sign recognition (TSR), automated lane centering (ALC), and vehicle detection (VD). However, these models are vulnerable to attacks that can cause misclassifications and compromise safety. Traditional defense mechanisms, including adversarial training, often degrade benign accuracy and fail to generalize against unseen attacks. In this work, we introduce Vehicle Vision Language Models (V2LMs), fine-tuned vision-language models specialized for AV perception. Our findings demonstrate that V2LMs inherently exhibit superior robustness against unseen attacks without requiring adversarial training, maintaining significantly higher accuracy than conventional DNNs under adversarial conditions. We evaluate two deployment strategies: Solo Mode, where individual V2LMs handle specific perception tasks, and Tandem Mode, where a single unified V2LM is fine-tuned for multiple tasks simultaneously. Experimental results reveal that DNNs suffer performance drops of 33% to 46% under attacks, whereas V2LMs maintain adversarial accuracy with reductions of less than 8% on average. The Tandem Mode further offers a memory-efficient alternative while achieving comparable robustness to Solo Mode. We also explore integrating V2LMs as parallel components to AV perception to enhance resilience against adversarial threats. Our results suggest that V2LMs offer a promising path toward more secure and resilient AV perception systems.

Jan Lauinger, Mudassar Aslam, Mohammad Hamad et al.

The Internet of Vehicles (IoV) equips vehicles with connectivity to the Internet and the Internet of Things (IoT) to support modern applications such as autonomous driving. However, the consolidation of complex computing domains of vehicles, the Internet, and the IoT limits the applicability of tailored security solutions. In this paper, we propose a new methodology to quantitatively verify the security of single or system-level assets of the IoV infrastructure. In detail, our methodology decomposes assets of the IoV infrastructure with the help of reference sub-architectures and the 4+1 view model analysis to map identified assets into data, software, networking, and hardware categories. This analysis includes a custom threat modeling concept to perform parameterization of Common Vulnerability Scoring System (CVSS) scores per view model domain. As a result, our methodology is able to allocate assets from attack paths to view model domains. This equips assets of attack paths with our IoV-driven CVSS scores. Our CVSS scores assess the attack likelihood which we use for Markov Chain transition probabilities. This way, we quantitatively verify system-level security among a set of IoV assets. Our results show that our methodology applies to arbitrary IoV attack paths. Based on our parameterization of CVSS scores and our selection of use cases, remote attacks are less likely to compromise location data compared to attacks from close proximity for authorized and unauthorized attackers respectively.

Nitin Shivaraman, Seima Saki, Zhiwei Liu et al.

With rapid advancements in the Internet of Things (IoT) paradigm, electrical devices in the near future is expected to have IoT capabilities. This enables fine-grained tracking of individual energy consumption data of such devices, offering location-independent per-device billing. Thus, it is more fine-grained than the location-based metering of state-of-the-art infrastructure, which traditionally aggregates on a building or household level, defining the entity to be billed. However, such in-device energy metering is susceptible to manipulation and fraud. As a remedy, we propose a decentralized metering architecture that enables devices with IoT capabilities to measure their own energy consumption. In this architecture, the device-level consumption is additionally reported to a system-level aggregator that verifies distributed information and provides secure data storage using Blockchain, preventing data manipulation by untrusted entities. Using evaluations on an experimental testbed, we show that the proposed architecture supports device mobility and enables location-independent monitoring of energy consumption.

Hassib Belhaj Hassine, Ege Korkan, Sebastian Steinhorst

Integrating different Internet of Things devices from different manufacturers to create a mashup scenario can be a tedious and error-prone task that involves studying non-standard datasheets. A Thing Description (TD) as defined by the World Wide Web Consortium (W3C) can make such a task less complicated by providing a standardized model for describing the metadata and the interface of a Web of Things (WoT) entity. However, a situation where a mashup developer has access to a Thing's TD before having access to the Thing itself may still arise. A way of simulating devices based only on their TDs is thus helpful during the development process of a mashup. In this work, we present a method of creating a virtual Thing that simulates the behavior of a WoT-enabled entity based only on its Thing Description.

Ege Korkan, Hassib Belhaj Hassine, Verena Eileen Schlott et al.

The Internet of Things (IoT) has already taken off, together with many Web of Things (WoT) off-the-shelf devices, such as Philips Hue lights and platforms such as Azure IoT. These devices and platforms define their own way of describing the interactions with the devices and do not support the recently published WoT standards by World Wide Web Consortium (W3C). On the other hand, many hardware components that are popular in developer and maker communities lack a programming language independent platform to integrate these components into the WoT, similar to npm and pip for software packages. To solve these problems and nurture the adoption of the W3C WoT, in this paper, we propose a platform to WoTify either existing hardware by downloading new software in them or already existing IoT and WoT devices by describing them with a Thing Description.

Philipp Mundhenk, Andrew Paverd, Artur Mrowca et al.

With the increasing amount of interconnections between vehicles, the attack surface of internal vehicle networks is rising steeply. Although these networks are shielded against external attacks, they often do not have any internal security to protect against malicious components or adversaries who breach the network perimeter. To secure the in-vehicle network, all communicating components must be authenticated, and only authorized components should be allowed to send and receive messages. This is achieved using an authentication framework. Cryptography is widely used to authenticate communicating parties and provide secure communication channels (e.g., Internet communication). However, the real-time performance requirements of in-vehicle networks restrict the types of cryptographic algorithms and protocols that may be used. In particular, asymmetric cryptography is computationally infeasible during vehicle operation. In this work, we address the challenges of designing authentication protocols for automotive systems. We present Lightweight Authentication for Secure Automotive Networks (LASAN), a full lifecycle authentication approach. We describe the core LASAN protocols and show how they protect the internal vehicle network while complying with the real-time constraints and low computational resources of this domain. Unlike previous work, we also explain how this framework can be integrated into all aspects of the automotive lifecycle, including manufacturing, vehicle maintenance, and software updates. We evaluate LASAN in two different ways: First, we analyze the security properties of the protocols using established protocol verification techniques based on formal methods. Second, we evaluate the timing requirements of LASAN and compare these to other frameworks using a new highly modular discrete event simulator for in-vehicle networks, which we have developed for this evaluation.