Solutions for Automotive Cybersecurity
The rapidly growing connectivity of vehicles is opening up numerous opportunities for new functions and attractive business models. At the same time, the potential for cyber-attacks on vehicle networks is also growing. Such attacks threaten the functional safety of the vehicle and could cause financial damage.
Automotive manufacturers and suppliers rely on Vector as trusted partner. We support you with services, embedded software and tools for securing embedded systems against cyber-attacks.
Protect your product effectively and efficiently by taking advantage of Vector’s many years of experience and knowledge. We offer thorough consulting on security issues, from threat analysis to security strategies and architectures to the implementation and testing of all security functions. In the implementation of security functions in ECU software, Vector supports a wide range of hardware trust anchors from various hardware manufacturers. The well-known Vector tools are also designed for the entire development process of cyber-security-relevant systems.
Protecting vehicle functions against unauthorized access and manipulation is a central challenge for current and future ECUs. Vector has already been working closely with automotive OEMs and suppliers for a number of years in this area. By using our consultation services, we can make a contribution toward protecting your valuable data by using fast and resource-efficient cryptographic functions in the ECU.
The Goals of Security
Security lets you assure that information is transmitted fully and unchanged and that only certain receivers have access to this information. In attaining these goals, Security defines the following terms:
- Authenticity: trustworthy data exchange between senders and receivers
- Integrity: checking to ensure that information contents are complete and unmodified
- Confidentiality: data is encrypted and can only be read by authorized nodes.
Application Areas of Automotive Cyber Security
Requirements for security of information in the vehicle are growing along with the complexity of vehicle functions. In addition to protecting internal vehicle data, the vehicle’s connections to the outside world in particular require heightened protection against unauthorized access. Some use cases that illustrate security needs:
Internal Vehicle Communications
- Secure data storage
- Authenticated frame transmission, e.g. by secure on-board communication (SecOC), to prevent manipulation of critical signals
- Communication with tire monitoring systems (e.g. via Bluetooth)
- Intelligent charging: secure communication with an electric charging station
- Car2X/V2X: authenticated data transmission between vehicles and infrastructure
- Internet access and hotspot for infotainment in the vehicle
- Diagnostics, flash programming, remote access and software updates via the (mobile) radio network (OTA)
Reducing the issue of security to the selection of cryptographic algorithms is insufficient. Instead, security must be consistently taken into account from the concept phase to the after-sales processes. Vector provides you with support during the evaluation of your current processes (Vector SecurityCheck) and the introduction and application of security engineering processes. You benefit from the experience and competence of our security experts, who, among other things, also offer automotive-specific in-house training on security engineering.
Concept Validation for Security Mechanisms
Vector implements your security mechanisms within the framework of advance development projects with automotive technologies. This helps you to validate the qualification of your concepts for serial production and forestall integration problems.
Development and Evaluation of Security Concepts
Vector analyzes your security concepts and teams up with you to develop optimizations with an appropriate cost/benefit ratio. This gives you a solution that has been specifically tailored to your product. The following are typical projects we can execute:
- Analyzing and improving existing products with respect to concrete attacks (incident response)
- Developing and analyzing security concepts for specific security-relevant applications such as remote diagnostics, remote software updates, and data collection campaigns
- Analyzing and assessing complete vehicle security architectures, including the development of anonymized benchmarks
You benefit from our know-how in automotive technologies and our experience in the following areas:
- Security engineering methods
- Hardware trust anchors (SHE, HSM, TPM)
- Cryptographic processes
- Management of crypto material (keys, certificates)
- Secure boot
- Intrusion detection and intrusion prevention systems
- Secure on-board and off-board communication
Our experience in the integrated development of safety and security concepts will also be helpful to you.
AUTOSAR Basic Software: MICROSAR
Vector supports your ECU development by offering efficient modules that allow you to implement your security requirements. The MICROSAR basic software includes security modules that can be specifically tailored to meet your project requirements:
- Crypto Service Manager (CSM)
- Crypto driver [Crypto(SW)] according to the AUTOSAR standard based on an efficient crypto library
- Drivers [Crypto(HW)] for different types of hardware trust anchors such as the Secure Hardware Extensions (SHE) and Hardware Security Modules (HSM) for leading microcontroller manufacturers
- The Crypto driver as interface between the MICROSAR stack and the firmware MICROSAR.HSM from Vector
- Interface for cryptographic algorithms (CRYIF)
- Secure Onboard Communication (SecOC)
- Transport Layer Security (TLS) client for secure communication over Ethernet
- Internet Protocol Security (IPSec)
- XML Security in conjunction with Efficient XML (vXMLSecurity)
- Ethernet Firewall (ETHFW)
- Security Event Memory (SEM) for tamper-proof saving of security events
- AUTOSAR Key Manager (KeyM) for managing and distributing crypto material such as symmetrical and asymmetrical keys and certificates
- OEM-specific Freshness Value Manager (FVM) and KeyM. Both are contained in the vSecMod module.
- Diagnostic Policy Manager (DPM) for managing roles and rights in diagnostic services
Software-Stack for Hardware Security Modules
MICROSAR.HSM is the firmware from Vector for the Hardware Security Modules (HSM) of different semiconductor manufacturers. The software can be adapted to your specific use cases, and offers the following properties and functions:
- Providing security services: Functions for saving keys, secure boot, symmetrical and asymmetrical cryptographic algorithms and basic functions with the use of hardware accelerators (e.g. AES, TRNG, CMAC)
- Support of the Key Update Protocol as specified in the SHE standard
- Adaptation to your requirements in terms of performance and resource requirements through configuration
- Abstraction of the HSM hardware for cryptographic computations
- Easy to integrate into AUTOSAR basic software, version 4.3 or higher (e.g. MICROSAR from Vector)
- Can be seamlessly integrated into the Vector Flash Bootloader for secure boot processes and secure software updates
- Supplied as source code together with the DaVinci Configurator Pro configuration tool from Vector
The Vector Flash Bootloader (FBL) comprises security modules which are customized for specific project requirements and the capabilities of the available hardware trust anchors:
- Secure Boot Manager
- Secure Update Manager for validating the software update
- Update authorization
- HIS security modules for implementing different security classes
- Crypto Stack for providing security services
- Drivers [Crypto(HW)] for the different types of hardware trust anchors such as SHE and HSM of leading microcontroller manufacturers
- Extended security features by integration of MICROSAR.HSM
Benefits of the Embedded Software from Vector for Security
- The Vector Crypto Library has been developed by experienced cybersecurity experts and is optimized to meet special requirements regarding performance and small memory footprints.
- Proven-in-use software modules are embedded in the AUTOSAR basic software and can therefore be configured with minimal effort.
- Security modules are provided as standard software modules and can be configured to match your use case. This gives you a high degree of cost control and planning assurance.
- To further improve security and enhance the performance of your ECUs, MICROSAR.HSM can be executed on the processor of the hardware trust anchor.
The AUTOSAR basic software MICROSAR and the Vector Flash Bootloader are available for various microcontrollers. The software is adapted to the hardware at the best possible rate because we are in active exchange with the microcontroller manufacturers. Among others, Vector is a member of the Infineon Security Partner Network.
Testing of Security-Protected ECUs and Networks
Management and Configuration of Security Parameters
Security mechanisms prevent unauthorized access to vehicles and ECUs. This means that vehicle communication cannot be accessed at first, even during development. The Security Manager offers valuable services for testing ECUs anyway.
The Security Manager is the link between the Vector tools and the OEM-specific security implementations. With it, security functions can be used uniformly in the tools. No matter for which OEM you develop your control unit, you save time by only having to familiarize yourself once and then use the same "look and feel" also for different security concepts of the OEMs.
The connection to the OEM security implementations is made via Security add-ons, which are managed in the Security Manager. In tests and simulations, the Security Manager carries out the security-relevant operations and provides the tool with the results.
Testing of Security Mechanisms
Fuzz-Testing with vTESTstudio and CANoe
Despite careful analysis, design, and implementation of security mechanisms, it remains necessary to test them. Fuzz testing is one method of doing so that has been successfully used in IT for years. Vector offers the capability of efficiently and professionally executing fuzz testing in the automotive area with the help of vTESTstudio and CANoe.
- Setup of fuzz tests with just a few clicks via drag-and-drop of test commands and database symbols
- Convenient monitoring of the DUT through a range of predefined background checks
- Test logic can be extended as desired through user code
- Automatic reporting of test results in CANoe.
Your Contact at Vector
Are you interested in more information about the Vector Products for Automotive Cybersecurity?
Automotive Cybersecurity Expert
For end-to-end applications, Vector’s services, embedded software, and tools complement each other, forming a complete and optimal solution. Using our proven off-the-shelf products, we develop specific solutions that are precisely tailored to your requirements in an interdisciplinary team. You benefit from our comprehensive experience in the following security-intensive fields of application (among others):
- Intelligent charging of e-vehicles
- (Remote) diagnostics using Indigo
- (Remote) software updates (SOTA)
- Car2x applications
- Data collection campaigns in vehicle fleets
Please contact us if you would like to get further information about the areas of application.
News / Events
Risk-based Cyber-Security in Practice
Vector Consulting Services offers training classes about Automotive Cyber Security. The training provides an introduction to the fundamentals and practice of cyber security engineering. It introduces the basic techniques for specification, analysis, testing and proofing of security. Since there can be no absolute cyber-security, the focus of the training is on a risk-based approach and of the necessary consistent methodology.
Testing of Security-Protected ECUs and Networks using the Security Manager
The new course 'Security with CANoe.Ethernet and Security Manager' of the VectorAcademy starts with an overview of automotive security mechanisms and their implementation with the TLS, DTLS and IPsec protocols. The focus is the practical application of the Security Manager in CANoe.Ethernet for measuring, simulating and troubleshooting security-protected communication.