Solutions for Automotive Cybersecurity

The rapidly growing connectivity of vehicles is opening up numerous opportunities for new functions and attractive business models. At the same time, the potential for cyber-attacks on vehicle networks is also growing. Such attacks threaten the functional safety of the vehicle and could cause financial damage.

Automotive manufacturers and suppliers rely on Vector as a trusted partner. We support you with services, embedded software and tools for securing embedded systems against cyber-attacks.

Schematic graphic showing the three main use cases of Vector's Security products

Protect your product effectively and efficiently by taking advantage of Vector’s many years of experience and knowledge. We offer thorough consulting on security issues, from threat analysis to security strategies and architectures to the implementation and testing of all security functions. In the implementation of security functions in ECU software, Vector supports a wide range of hardware trust anchors from various hardware manufacturers. The well-known Vector tools are also designed for the entire development process of cyber-security-relevant systems.

Basic Essentials

Protecting vehicle functions against unauthorized access and manipulation is a central challenge for current and future ECUs. Vector has already been working closely with automotive OEMs and suppliers for a number of years in this area. Through our consulting services, we help protect your valuable data with fast and resource-efficient cryptographic functions in the ECU.

 

The Goals of Security

Security lets you ensure that information is transmitted completely and unchanged and that only certain receivers have access to this information. To attain these goals, security defines the following terms:

  • Authenticity: trustworthy data exchange between senders and receivers
  • Integrity: checking to ensure that information contents are complete and unmodified
  • Confidentiality: data is encrypted and can only be read by authorized nodes

 

Application Areas of Automotive Cyber Security

Requirements for security of information in the vehicle are growing along with the complexity of vehicle functions. In addition to protecting internal vehicle data, the vehicle’s connections to the outside world in particular require heightened protection against unauthorized access. Some use cases that illustrate security needs:

Internal Vehicle Communications

  • Secure data storage
  • Authenticated frame transmission, e.g. by secure on-board communication (SecOC), to prevent manipulation of critical signals
  • Communication with tire monitoring systems (e.g. via Bluetooth)

Vehicle Connectivity

  • Intelligent charging: secure communication with an electric charging station
  • Car2X/V2X: authenticated data transmission between vehicles and infrastructure
  • Internet access and hotspot for infotainment in the vehicle
  • Diagnostics, flash programming, remote access and software updates via the (mobile) radio network (OTA)

Services

Security Engineering

Reducing the issue of security to the selection of cryptographic algorithms is insufficient. Instead, security must be consistently taken into account from the concept phase to the after-sales processes. Vector provides you with support during the evaluation of your current processes (Vector SecurityCheck) and the introduction and application of security engineering processes. You benefit from the experience and competence of our security experts, who, among other things, also offer automotive-specific in-house training on security engineering.

     

Concept Validation for Security Mechanisms

Vector implements your security mechanisms within the framework of advance development projects with automotive technologies. This helps you to validate that your concepts are suitable for series production and to avoid integration problems.


Development and Evaluation of Security Concepts

Vector analyzes your security concepts and teams up with you to develop optimizations with an appropriate cost/benefit ratio. This gives you a solution that has been specifically tailored to your product. The following are typical projects we can execute:

  • Analyzing and improving existing products with respect to concrete attacks (incident response)
  • Developing and analyzing security concepts for specific security-relevant applications such as remote diagnostics, remote software updates, and data collection campaigns
  • Analyzing and assessing complete vehicle security architectures, including the development of anonymized benchmarks

Advantages

You benefit from our know-how in automotive technologies and our experience in the following areas:

  • Security engineering methods
  • Hardware trust anchors (SHE, HSM, TPM)
  • Cryptographic processes
  • Management of crypto material (keys, certificates)
  • Secure boot
  • Intrusion detection and intrusion prevention systems
  • Secure on-board and off-board communication

Our experience in the integrated development of safety and security concepts will also be helpful to you.

Embedded Software

AUTOSAR Basic Software: MICROSAR

Vector supports your ECU development by offering efficient modules that allow you to implement your security requirements. The MICROSAR basic software includes security modules that can be specifically tailored to meet your project requirements:

  • Crypto Service Manager (CSM)
  • Crypto driver [Crypto(SW)] according to the AUTOSAR standard based on an efficient crypto library
  • Drivers [Crypto(HW)] for different types of hardware trust anchors such as the Secure Hardware Extensions (SHE) and Hardware Security Modules (HSM) for leading microcontroller manufacturers
  • Driver [Crypto(vHSM)] as interface between the MICROSAR stack and vHSM – the HSM firmware from Vector
  • Interface for cryptographic algorithms (CRYIF)
  • Secure Onboard Communication (SecOC)
  • Transport Layer Security (TLS) client for secure communication over Ethernet
  • Internet Protocol Security (IPSec)
  • XML Security in conjunction with Efficient XML (vXMLSecurity)
  • Ethernet Firewall (ETHFW)
  • Security Event Memory (SEM) for tamper-proof saving of security events
  • AUTOSAR Key Manager (KeyM) for managing and distributing crypto material such as symmetrical and asymmetrical keys and certificates
  • OEM-specific Freshness Value Manager (FVM) and KeyM. Both are contained in the vSecMod module.
  • Diagnostic Policy Manager (DPM) for managing roles and rights in diagnostic services
Schematic graphic showing the security-related basic software modules of MICROSAR

We would be glad to discuss your special requirements for the modules. Please contact us.

Software-Stack for Hardware Security Modules

vHSM is the firmware from Vector for the Hardware Security Modules (HSM) of different semiconductor manufacturers. vHSM can be adapted to your specific use cases, and offers the following properties and functions:

  • Providing security services: Functions for saving keys, secure boot, symmetrical and asymmetrical cryptographic algorithms and basic functions with the use of hardware accelerators (e.g. AES, TRNG, CMAC)
  • Support of the Key Update Protocol as specified in the SHE standard
  • Adaptation to your requirements in terms of performance and resource requirements through configuration
  • Abstraction of the HSM hardware for cryptographic computations
  • Easy to integrate into AUTOSAR basic software, version 4.3 or higher (e.g. MICROSAR from Vector)
  • Can be seamlessly integrated into the Vector Flash Bootloader for secure boot processes and secure software updates
  • Supplied as source code together with the DaVinci Configurator Pro configuration tool from Vector

Flash-Bootloader

The Vector Flash Bootloader (FBL) comprises security modules which are customized for specific project requirements and the capabilities of the available hardware trust anchors:

  • Secure Boot Manager
  • Secure Update Manager for validating the software update
  • Update authorization
  • HIS security modules for implementing different security classes
  • Crypto Stack for providing security services
  • Drivers [Crypto(HW)] for the different types of hardware trust anchors such as SHE and HSM of leading microcontroller manufacturers
  • Extended security features by integration of vHSM

Benefits of the Embedded Software from Vector for Security

  • The Vector Crypto Library has been developed by experienced cybersecurity experts and is optimized to meet special requirements regarding performance and small memory footprints.
  • Proven-in-use software modules are embedded in the AUTOSAR basic software and can therefore be configured with minimal effort.
  • Security modules are provided as standard software modules and can be configured to match your use case. This gives you a high degree of cost control and planning assurance.
  • To further improve security and enhance the performance of your ECUs, MICROSAR.HSM can be executed on the processor of the hardware trust anchor.

Availability

The AUTOSAR basic software MICROSAR and the Vector Flash Bootloader are available for various microcontrollers. The software is optimally adapted to the hardware because we are in active exchange with the microcontroller manufacturers. Among others, Vector is a member of the Infineon Security Partner Network.

Testing of Security-Protected ECUs and Networks

Management and Configuration of Security Parameters

The principle of the Security Manager - with and without access to OEM-specific backends

Security mechanisms prevent unauthorized access to vehicles and ECUs. As a result, vehicle communication is initially inaccessible, even during development. The Security Manager offers valuable services that make it possible to test such ECUs nonetheless.

The Security Manager is the link between the Vector tools and the OEM-specific security implementations. With it, security functions can be used uniformly in the tools. No matter which OEM you develop your control unit for, you save time because you only have to familiarize yourself once and can then use the same "look and feel" for the different security concepts of the OEMs.

The connection to the OEM security implementations is made via plug-ins, the Security Packages (Sources), which are managed in the Security Manager. In tests and simulations, the Security Manager carries out the security-relevant operations and provides the tool with the results.

So far, the following tools use the Security Manager:

  • CANoe – Testing ECUs and Networks
  • CANalyzer – Analyzing ECUs and Networks
  • CANape – Calibration of ECUs
  • Indigo – Testing the diagnostics
  • CANoe.DiVa – Automated Testing of the Diagnostic Protocol

Services Offered

Secure on-board Communication (SecOC)

Security Manager Use Case: Simulate and test SecOC-secured communication
To simulate and test SecOC-secured communication, the Security Manager generates (left) and validates (right) the Message Authentication Codes (MACs).

SecOC secures and authenticates communication between ECUs based on Message Authentication Codes (MACs). Simulation and test tools can communicate with the ECUs only on the basis of valid MACs. For the Vector tools, the Security Manager, together with the OEM Security Packages*, generates and validates the MACs. The necessary input values, such as the secret key and freshness values, are stored in the Security Manager.

* OEM Security Packages are available free of charge from Vector for some OEMs. These contain the OEM-specific security algorithms and procedures. They simplify the application of general security functions in the tools, since the OEM-specific behavior is encapsulated in the packages.
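
The MAC generation and validation described above, as an added sketch that is not Vector's or any OEM's code: the sender appends a truncated freshness value and a truncated MAC, and the receiver rebuilds the full counter, so replayed or modified frames fail. HMAC-SHA256 stands in for the OEM-specific MAC algorithm; the frame layout, field widths, key and data ID are assumptions made for illustration.

```python
# Added illustration: HMAC-SHA256 replaces the OEM-specific MAC; layout is assumed.
import hashlib
import hmac
import struct

MAC_LEN = 8  # bytes of truncated MAC carried in the frame (assumed width)

def compute_mac(key, data_id, payload, freshness):
    # The MAC covers the data ID, the payload and the FULL freshness counter,
    # although only the counter's low byte is transmitted.
    msg = struct.pack(">H", data_id) + payload + struct.pack(">Q", freshness)
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def secure_frame(key, data_id, payload, freshness):
    # Sender side: payload || low byte of freshness || truncated MAC
    mac = compute_mac(key, data_id, payload, freshness)
    return payload + bytes([freshness & 0xFF]) + mac

class Receiver:
    def __init__(self, key, data_id):
        self.key, self.data_id, self.last = key, data_id, 0

    def verify(self, frame):
        # Returns the payload if the frame is authentic and fresh, else None.
        if len(frame) < MAC_LEN + 1:
            return None
        payload = frame[:-(MAC_LEN + 1)]
        fv_low, mac = frame[-(MAC_LEN + 1)], frame[-MAC_LEN:]
        # Rebuild the full counter: smallest value above the last accepted
        # one whose low byte matches, so a replayed frame never verifies.
        candidate = (self.last & ~0xFF) | fv_low
        if candidate <= self.last:
            candidate += 0x100
        expected = compute_mac(self.key, self.data_id, payload, candidate)
        if not hmac.compare_digest(mac, expected):
            return None
        self.last = candidate
        return payload

def demo():
    key = bytes(range(16))  # constructed test key, not a real secret
    rx = Receiver(key, data_id=0x0123)
    f1 = secure_frame(key, 0x0123, b"\x10\x27", freshness=1)
    f2 = secure_frame(key, 0x0123, b"\x10\x28", freshness=2)
    tampered = bytes([f2[0] ^ 0xFF]) + f2[1:]
    # Order: valid frame, replay of it, modified frame, next valid frame
    return rx.verify(f1), rx.verify(f1), rx.verify(tampered), rx.verify(f2)
```
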

Secure Diagnostics Through Authentication

Security Manager Use Case: Diagnostics
The Security Manager enables authentication for Secure Diagnostics.

Diagnostic services may only be performed by trustworthy testers. With successful authentication, diagnostic services and critical operations such as flashing or variant coding can be enabled. The Security Manager executes the necessary processes together with the respective OEM Security Package.

Transport Layer Security (TLS/DTLS)

Sequence of TLS communication with original commands

For secure client-server communication at the TCP/UDP level, the TLS (Transport Layer Security) protocol is used. The Security Manager provides the TLS protocol stack for Ethernet communication. This allows tools to conveniently use the protocol, including parameterization, to test communication that is secured by TLS.

In addition to the required certificate hierarchy, the cipher suites to be used can also be configured. These contain the algorithms and parameters that are to be used to establish a secure data connection.

Management and Configuration of Security Parameters

The Security Manager offers the possibility to conveniently manage parameters of security services in profiles. The profiles are used at runtime in the Security Manager to configure the algorithms used:

  • Symmetric Key Management
    Symmetric keys must be provided for secure on-board communication. The keys can be imported directly, in containers or in OEM-specific formats.
     
  • Certificate Management
    Certificate hierarchies are managed using PKI profiles (Public Key Infrastructure). File- and folder-based imports allow certificates to be used in TLS and diagnostic contexts.
     
  • Communication with a Security Backend
    For security reasons, many vehicle manufacturers do not pass on certificates and instead manage them in a backend. Development tools request the certificate-based functions (e.g. for signing) there at runtime. For the Vector tools, the Security Manager takes over the communication with the backend. In this way, complex processes can be considerably simplified for the user.

Testing of Security Mechanisms

Fuzz-Testing with CANoe

Despite careful analysis, design, and implementation of security mechanisms, it remains necessary to test them. Fuzz testing is one method of doing so that has been successfully used in IT for years. Vector offers the capability of efficiently and professionally executing fuzz testing in the automotive area with the help of CANoe.

Interplay of CANoe and boofuzz for fuzz testing

Advantages

  • The fuzzing solution integrated into CANoe allows the efficient performance of fuzz testing.

Applications

For end-to-end applications, Vector’s services, embedded software, and tools complement each other, forming a complete and optimal solution. Using our proven off-the-shelf products, we develop specific solutions that are precisely tailored to your requirements in an interdisciplinary team. You benefit from our comprehensive experience in the following security-intensive fields of application (among others):

Please contact us if you would like to get further information about the areas of application.

Training

Risk-based Cyber-Security in Practice


Vector Consulting Services offers training classes about Automotive Cyber Security. The training provides an introduction to the fundamentals and practice of cyber security engineering. It introduces the basic techniques for specification, analysis, testing and proofing of security. Since there can be no absolute cyber-security, the focus of the training is on a risk-based approach and on the necessary consistent methodology.