The rapidly growing connectivity of vehicles is opening up numerous opportunities for new functions and attractive business models. At the same time, the potential for cyber-attacks on vehicle networks is also growing. Such attacks threaten the functional safety of the vehicle and could cause financial damage.
Automotive manufacturers and suppliers rely on Vector as trusted partner. We support you with services, embedded software and tools for securing embedded systems against cyber-attacks.
Protect your product effectively and efficiently by taking advantage of Vector’s many years of experience and knowledge. We offer thorough consulting on security issues, from threat analysis to security strategies and architectures to the implementation and testing of all security functions. In the implementation of security functions in ECU software, Vector supports a wide range of hardware trust anchors from various hardware manufacturers. The well-known Vector tools are also designed for the entire development process of cyber-security-relevant systems.
Protecting vehicle functions against unauthorized access and manipulation is a central challenge for current and future ECUs. Vector has already been working closely with automotive OEMs and suppliers for a number of years in this area. By using our consultation services, we can make a contribution toward protecting your valuable data by using fast and resource-efficient cryptographic functions in the ECU.
The Goals of Security
Security lets you assure that information is transmitted fully and unchanged and that only certain receivers have access to this information. In attaining these goals, Security defines the following terms:
Authenticity: trustworthy data exchange between senders and receivers
Integrity: checking to ensure that information contents are complete and unmodified
Confidentiality: data is encrypted and can only be read by authorized nodes.
Application Areas of Automotive Cyber Security
Requirements for security of information in the vehicle are growing along with the complexity of vehicle functions. In addition to protecting internal vehicle data, the vehicle’s connections to the outside world in particular require heightened protection against unauthorized access. Some use cases that illustrate security needs:
Internal Vehicle Communications
Secure data storage
Authenticated frame transmission, e.g. by secure on-board communication (SecOC), to prevent manipulation of critical signals
Communication with tire monitoring systems (e.g. via Bluetooth)
Intelligent charging: secure communication with an electric charging station
Car2X/V2X: authenticated data transmission between vehicles and infrastructure
Internet access and hotspot for infotainment in the vehicle
Diagnostics, flash programming, remote access and software updates via the (mobile) radio network (OTA)
Reducing the issue of security to the selection of cryptographic algorithms is insufficient. Instead, security must be consistently taken into account from the concept phase to the after-sales processes. Vector provides you with support during the evaluation of your current processes (Vector SecurityCheck) and the introduction and application of security engineering processes. You benefit from the experience and competence of our security experts, who, among other things, also offer automotive-specific in-house training on security engineering.
Concept Validation for Security Mechanisms
Vector implements your security mechanisms within the framework of advance development projects with automotive technologies. This helps you to validate the qualification of your concepts for serial production and forestall integration problems.
Development and Evaluation of Security Concepts
Vector analyzes your security concepts and teams up with you to develop optimizations with an appropriate cost/benefit ratio. This gives you a solution that has been specifically tailored to your product. The following are typical projects we can execute:
Analyzing and improving existing products with respect to concrete attacks (incident response)
Developing and analyzing security concepts for specific security-relevant applications such as remote diagnostics, remote software updates, and data collection campaigns
Analyzing and assessing complete vehicle security architectures, including the development of anonymized benchmarks
You benefit from our know-how in automotive technologies and our experience in the following areas:
Security engineering methods
Hardware trust anchors (SHE, HSM, TPM)
Management of crypto material (keys, certificates)
Intrusion detection and intrusion prevention systems
Secure on-board and off-board communication
Our experience in the integrated development of safety and security concepts will also be helpful to you.
Vector supports your ECU development with efficient modules for meeting your security requirements. The MICROSAR basic software includes security modules that can be tailored specifically to your project requirements:
Crypto Abstraction Library (CAL) and Crypto Service Manager (CSM)
Software implementation for Crypto Primitive Library (CPL) and Crypto Library Module (CRYDRV (SW)) on the basis of an efficient crypto library
Drivers (CRYDRV (HW)) for various types of hardware trust anchors such as SHE or HSM from leading microcontroller manufacturers
Interface for crypto algorithms (CRYIF)
Secure On-Board Communication (SecOC)
Transport Layer Security (TLS) client for secure communication using Ethernet
XML Security in conjunction with Efficient XML
Ethernet Firewall (ETHFW)
Security Log (SLOG) for tamper-proof storage of security events
Key Manager (KEYM) and Key Storage Manager (KSM) for managing and distributing key material such as symmetrical and asymmetrical keys and certificates
The following topics are currently under development and will soon be available as part of the MICROSAR basic software:
CAN Firewall (CANFW)
Network-based Intrusion Detection System (NIDS) for Ethernet and CAN
Host-based Intrusion Detection System (HIDS) for ECU-internal process monitoring
We would be happy to discuss your special requirements on these modules with you. Please contact us.
The Vector crypto library was developed by experienced cybersecurity experts and is optimized to meet the special performance and resource requirements.
Proven software modules are embedded in the AUTOSAR basic software and can therefore be configured with less effort.
The security modules are designed as standard software modules and are configured to suit your application. This gives you a high degree of cost control and planning security.
Selected MICROSAR modules can be executed on the hardware trust anchor’s processor in order to improve your ECU’s security and performance.
The AUTOSAR basic software MICROSAR and the Vector Flash Bootloader are available for various microcontrollers. The software is adapted to the hardware at the best possible rate because we are in active exchange with the microcontroller manufacturers. Among others, Vector is a member of the Infineon Security Partner Network.
Testing of Security-Protected ECUs and Networks
Management and Configuration of Security Parameters
Security mechanisms in the ECU secure the vehicle and its functions against manipulation and unauthorized access. However, for testing and diagnostic purposes, it must be possible for an authorized individual to participate in vehicle communication during development and later operation.
Vector’s Security Manager offers a uniform solution for the relevant tools (CANoe, CANalyzer, Indigo, etc.).
Testing of Security Mechanisms
Fuzz-Testing with CANoe
Despite careful analysis, design, and implementation of security mechanisms, it remains necessary to test them. Fuzz testing is one method of doing so that has been successfully used in IT for years. Vector offers the capability of efficiently and professionally executing fuzz testing in the automotive area with the help of CANoe.
The Vector Security Manager offers uniform and secure interfaces for using crypto materials (keys and certificates) with Vector Tools.
The fuzzing solution integrated into CANoe allows the efficient performance of fuzz testing.
For end-to-end applications, Vector’s services, embedded software, and tools complement each other, forming a complete and optimal solution. Using our proven off-the-shelf products, we develop specific solutions that are precisely tailored to your requirements in an interdisciplinary team. You benefit from our comprehensive experience in the following security-intensive fields of application (among others):
Vector Consulting Services offers training classes about Automotive Cyber Security. The training provides an introduction to the fundamentals and practice of cyber security engineering. It introduces the basic techniques for specification, analysis, testing and proofing of security. Since there can be no absolute cyber-security, the focus of the training is on a risk-based approach and of the necessary consistent methodology.