The rapidly growing connectivity of vehicles is opening up numerous opportunities for new functions and attractive business models. At the same time, the potential for cyber-attacks on vehicle networks is also growing. Such attacks threaten the functional safety of the vehicle and could cause financial damage.
Automotive manufacturers and suppliers rely on Vector as a trusted partner. We support you with services, embedded software and tools for securing embedded systems against cyber-attacks.
Protect your product effectively and efficiently by taking advantage of Vector’s many years of experience and knowledge. We offer thorough consulting on security issues, from threat analysis through security strategies and architectures to the implementation and testing of all security functions. For the implementation of security functions in ECU software, Vector supports a wide range of hardware trust anchors from various hardware manufacturers. The well-known Vector tools are also designed for the entire development process of cyber-security-relevant systems.
Protecting vehicle functions against unauthorized access and manipulation is a central challenge for current and future ECUs. Vector has been working closely with automotive OEMs and suppliers in this area for a number of years. Through our consulting services, we help protect your valuable data by applying fast and resource-efficient cryptographic functions in the ECU.
The Goals of Security
Security ensures that information is transmitted completely and unchanged and that only the intended receivers have access to it. To describe these goals, security uses the following terms:
Authenticity: assurance that data really originates from the claimed sender, i.e. trustworthy data exchange between senders and receivers
Integrity: checking that information contents are complete and unmodified
Confidentiality: data is encrypted and can only be read by authorized nodes
Application Areas of Automotive Cyber Security
Requirements for security of information in the vehicle are growing along with the complexity of vehicle functions. In addition to protecting internal vehicle data, the vehicle’s connections to the outside world in particular require heightened protection against unauthorized access. Some use cases that illustrate security needs:
Internal Vehicle Communications
Secure data storage
Authenticated frame transmission, e.g. by secure on-board communication (SecOC), to prevent manipulation of critical signals
Communication with tire monitoring systems (e.g. via Bluetooth)
Intelligent charging: secure communication with an electric charging station
Car2X/V2X: authenticated data transmission between vehicles and infrastructure
Internet access and hotspot for infotainment in the vehicle
Diagnostics, flash programming, remote access and software updates via the (mobile) radio network (OTA)
Reducing the issue of security to the selection of cryptographic algorithms is insufficient. Instead, security must be consistently taken into account from the concept phase to the after-sales processes. Vector provides you with support during the evaluation of your current processes (Vector SecurityCheck) and the introduction and application of security engineering processes. You benefit from the experience and competence of our security experts, who, among other things, also offer automotive-specific in-house training on security engineering.
Concept Validation for Security Mechanisms
Vector implements your security mechanisms within the framework of advance development projects using automotive technologies. This helps you validate that your concepts are suitable for series production and avoid integration problems early.
Development and Evaluation of Security Concepts
Vector analyzes your security concepts and teams up with you to develop optimizations with an appropriate cost/benefit ratio. This gives you a solution that has been specifically tailored to your product. The following are typical projects we can execute:
Analyzing and improving existing products with respect to concrete attacks (incident response)
Developing and analyzing security concepts for specific security-relevant applications such as remote diagnostics, remote software updates, and data collection campaigns
Analyzing and assessing complete vehicle security architectures, including the development of anonymized benchmarks
You benefit from our know-how in automotive technologies and our experience in the following areas:
Security engineering methods
Hardware trust anchors (SHE, HSM, TPM)
Management of crypto material (keys, certificates)
Intrusion detection and intrusion prevention systems
Secure on-board and off-board communication
Our experience in the integrated development of safety and security concepts will also be helpful to you.
Vector supports your ECU development by offering efficient modules that allow you to implement your security requirements. The MICROSAR basic software includes security modules that can be specifically tailored to meet your project requirements:
Crypto Service Manager (CSM)
Crypto driver [Crypto(SW)] according to the AUTOSAR standard based on an efficient crypto library
Drivers [Crypto(HW)] for different types of hardware trust anchors such as the Secure Hardware Extensions (SHE) and Hardware Security Modules (HSM) for leading microcontroller manufacturers
A Crypto driver serving as the interface between the MICROSAR stack and the MICROSAR.HSM firmware from Vector
Interface for cryptographic algorithms (CRYIF)
Secure Onboard Communication (SecOC)
Transport Layer Security (TLS) client for secure communication over Ethernet
Internet Protocol Security (IPSec)
XML Security in conjunction with Efficient XML (vXMLSecurity)
Ethernet Firewall (ETHFW)
Security Event Memory (SEM) for tamper-proof saving of security events
AUTOSAR Key Manager (KeyM) for managing and distributing crypto material such as symmetric and asymmetric keys and certificates
OEM-specific Freshness Value Manager (FVM) and KeyM. Both are contained in the vSecMod module.
Diagnostic Policy Manager (DPM) for managing roles and rights in diagnostic services
We would be glad to discuss your special requirements for the modules. Please contact us.
MICROSAR.HSM is the firmware from Vector for the Hardware Security Modules (HSM) of different semiconductor manufacturers. The software can be adapted to your specific use cases, and offers the following properties and functions:
Providing security services: functions for key storage, secure boot, symmetric and asymmetric cryptographic algorithms, and basic functions that use hardware accelerators (e.g. AES, TRNG, CMAC)
Support for the key update protocol as specified in the SHE standard
Adaptation to your requirements in terms of performance and resource requirements through configuration
Abstraction of the HSM hardware for cryptographic computations
Easy to integrate into AUTOSAR basic software, version 4.3 or higher (e.g. MICROSAR from Vector)
Can be seamlessly integrated into the Vector Flash Bootloader for secure boot processes and secure software updates
Benefits of the Embedded Software from Vector for Security
The Vector Crypto Library has been developed by experienced cybersecurity experts and is optimized to meet special requirements regarding performance and small memory footprints.
Proven-in-use software modules are embedded in the AUTOSAR basic software and can therefore be configured with minimal effort.
Security modules are provided as standard software modules and can be configured to match your use case. This gives you a high degree of cost control and planning assurance.
To further improve security and enhance the performance of your ECUs, MICROSAR.HSM can be executed on the processor of the hardware trust anchor.
The AUTOSAR basic software MICROSAR and the Vector Flash Bootloader are available for various microcontrollers. Because we are in active exchange with the microcontroller manufacturers, the software is adapted to the hardware as closely as possible. Among others, Vector is a member of the Infineon Security Partner Network.
Testing of Security-Protected ECUs and Networks
The principle of the Security Manager - with and without access to OEM-specific backends
Security mechanisms prevent unauthorized access to vehicles and ECUs. This means that, initially, vehicle communication cannot be accessed even during development. The Security Manager nevertheless offers valuable services for testing such ECUs.
The Security Manager is the link between the Vector tools and the OEM-specific security implementations. With it, security functions can be used uniformly in the tools. No matter which OEM you develop your ECU for, you save time because you only have to familiarize yourself once and can then use the same "look and feel" for the different security concepts of the OEMs.
The connection to the OEM security implementations is made via plug-ins, the Security Packages (sources), which are managed in the Security Manager. In tests and simulations, the Security Manager carries out the security-relevant operations and provides the tool with the results.
So far, the following tools use the Security Manager:
To simulate and test SecOC-secured communication, the Security Manager generates (left) and validates (right) the Message Authentication Codes (MACs).
SecOC secures and authenticates communication between ECUs based on Message Authentication Codes (MACs). Simulation and test tools can only communicate with the ECUs if they present valid MACs. For the Vector tools, the Security Manager, together with the OEM Security Packages*, generates and validates the MACs. The necessary input values, such as the secret key and the freshness values, are stored in the Security Manager.
* OEM Security Packages are available free of charge from Vector for some OEMs. They contain the OEM-specific security algorithms and procedures. They simplify the use of the general security functions in the tools, since the OEM-specific behavior is encapsulated in the packages.
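To make the SecOC mechanism described above concrete, here is an added example (not Vector code and not an OEM Security Package): a simplified protect/verify round trip in which the sender appends a freshness value and a truncated MAC to the authentic PDU, and the receiver rejects both tampered frames and replays. Real SecOC uses AES-CMAC (often computed in the HSM) and OEM-defined PDU layouts; HMAC-SHA256 from the standard library, the 24-bit MAC length, the 4-byte freshness value and the data ID are assumptions for this illustration.

```python
import hmac
import hashlib

MAC_LEN_BYTES = 3   # truncated MAC, 24 bits (assumed; real value is a project parameter)
FV_LEN_BYTES = 4    # freshness value length in bytes (assumed project parameter)


def secoc_protect(key: bytes, data_id: int, pdu: bytes, freshness: int) -> bytes:
    """Sender side: return authentic PDU || freshness || truncated MAC."""
    fv = freshness.to_bytes(FV_LEN_BYTES, "big")
    did = data_id.to_bytes(2, "big")           # binds the MAC to this PDU type
    # HMAC-SHA256 stands in for the AES-CMAC normally used by SecOC (assumption).
    mac = hmac.new(key, did + pdu + fv, hashlib.sha256).digest()
    return pdu + fv + mac[:MAC_LEN_BYTES]


def secoc_verify(key: bytes, data_id: int, secured: bytes, last_freshness: int):
    """Receiver side: returns (ok, pdu, freshness_to_store).

    A wrong MAC (tampering, wrong key) or a freshness value that does not
    exceed the last accepted one (replay) is rejected; the stored counter
    is then left unchanged.
    """
    if len(secured) < FV_LEN_BYTES + MAC_LEN_BYTES:
        return False, None, last_freshness
    pdu = secured[:-(FV_LEN_BYTES + MAC_LEN_BYTES)]
    fv = secured[len(pdu):len(pdu) + FV_LEN_BYTES]
    received_mac = secured[-MAC_LEN_BYTES:]
    did = data_id.to_bytes(2, "big")
    expected = hmac.new(key, did + pdu + fv, hashlib.sha256).digest()[:MAC_LEN_BYTES]
    if not hmac.compare_digest(received_mac, expected):   # constant-time compare
        return False, None, last_freshness
    freshness = int.from_bytes(fv, "big")
    if freshness <= last_freshness:                       # replay or reordered frame
        return False, None, last_freshness
    return True, pdu, freshness


def demo():
    """Constructed sample: a 2-byte speed signal, then a replay and a tampered frame."""
    key = bytes(range(16))                     # constructed test key, not a real one
    secured = secoc_protect(key, 0x0123, b"\x00\x5a", freshness=7)
    ok1, pdu1, fv1 = secoc_verify(key, 0x0123, secured, last_freshness=6)
    ok2, _, _ = secoc_verify(key, 0x0123, secured, last_freshness=fv1)  # replayed
    tampered = b"\x00\xff" + secured[2:]       # signal changed, MAC left as is
    ok3, _, _ = secoc_verify(key, 0x0123, tampered, last_freshness=6)
    return ok1, pdu1, fv1, ok2, ok3
```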
Secure Diagnostics Through Authentication
The Security Manager enables authentication for Secure Diagnostics.
Diagnostic services may only be performed by trusted testers. After successful authentication, diagnostic services and critical operations such as flashing or variant coding can be enabled. The Security Manager executes the necessary procedures together with the respective OEM Security Package.
Transport Layer Security (TLS/DTLS)
Sequence of TLS communication with original commands
The TLS protocol (Transport Layer Security) secures client-server communication on top of TCP, and DTLS does the same over UDP. The Security Manager provides the TLS protocol stack for Ethernet communication. This allows the tools to use the protocol conveniently, including its parameterization, in order to test communication that is secured by TLS.
In addition to the required certificate hierarchy, the cipher suites to be used can also be configured. These contain the algorithms and parameters that are to be used to establish a secure data connection.
Internet Protocol Security (IPsec)
CANoe enables testing of ECUs and networks that communicate in an IPsec-protected manner.
The goal of IPsec is to secure communication based on the IP protocol. In this way, you implement the classic protection goals such as confidentiality, authenticity, and integrity. By protecting the IP layer, the protection goals of all layers above are achieved. The use of the IPsec protocol enables the transparent protection of higher layer protocols such as SOME/IP, DoIP, TLS and HTTP.
The Security Manager provides an IPsec stack with the most important elements of the IPsec protocol:
Comprehensive protection of Ethernet communication by using the "Authentication Header" (AH) security method in transport mode (AH provides authenticity and integrity of the IP packet; it does not encrypt the payload)
Implementation of the IKEv2 protocol (Internet Key Exchange v2) for the flexible and secure generation of key material for a certificate-based session
In addition to providing the protocol stack, the Security Manager also enables comprehensive configuration of the IPsec protocol. Security profiles are used for this purpose, which combine all the necessary configuration parameters: cipher suites, certificates, and security policies. Likewise, you can easily adopt existing configurations from strongSwan descriptions to set up VPNs via IPsec.
Management and Configuration of Security Parameters
The Security Manager offers the possibility to conveniently manage parameters of security services in profiles. The profiles are used at runtime in the Security Manager to configure the algorithms used:
Symmetric Key Management: Symmetric keys must be provided for secure on-board communication. The keys can be imported directly, in containers or in OEM-specific formats.
Certificate Management: Certificate hierarchies are managed using PKI profiles (Public Key Infrastructure). File- and folder-based imports allow certificates to be used in TLS and diagnostic contexts.
Communication with a Security Backend: For security reasons, many vehicle manufacturers do not pass on certificates and instead manage them in a backend. Development tools request the certificate-based functions (e.g. for signing) there at runtime. For the Vector tools, the Security Manager takes over the communication with the backend. In this way, complex processes can be considerably simplified for the user.
Testing of Security Mechanisms
Fuzz-Testing with CANoe
Despite careful analysis, design, and implementation of security mechanisms, it remains necessary to test them. Fuzz testing is one method of doing so that has been successfully used in IT for years. Vector offers the capability of efficiently and professionally executing fuzz testing in the automotive area with the help of CANoe.
The fuzzing solution integrated into CANoe allows the efficient performance of fuzz testing.
For end-to-end applications, Vector’s services, embedded software, and tools complement each other, forming a complete and optimal solution. Using our proven off-the-shelf products, we develop specific solutions that are precisely tailored to your requirements in an interdisciplinary team. You benefit from our comprehensive experience in the following security-intensive fields of application (among others):
Vector Consulting Services offers training classes on Automotive Cyber Security. The training provides an introduction to the fundamentals and practice of cyber security engineering. It introduces the basic techniques for the specification, analysis, testing and verification of security. Since there can be no absolute cyber security, the training focuses on a risk-based approach and the consistent methodology it requires.