Author: AUTOCRYPT

11 February, 2025 . 3 mins read

AUTOCRYPT Launches Security Fuzzer in Japan through Distributor Agreement with Hitachi Solutions

AUTOCRYPT, award-winning vehicle testing solutions provider, and Hitachi Solutions, Ltd., IT solutions provider, announced a distribution agreement, bringing AutoCrypt Security Fuzzer to the Japanese market starting January 22, 2025. This marks the first domestic availability of the globally recognized Security Fuzzer in Japan.  

This adds to the two companies’ existing partnership agreement, as AUTOCRYPT currently offers its V2X security solution with the option of integrating its security library with Hitachi Solution’s Vehicle-to-Everything (V2X) Middleware Platform. The new agreement continues to align with Hitachi Solutions’ commitment to delivering advanced cybersecurity tools, as well as AUTOCRYPT’s expertise in developing cutting-edge, optimized testing technologies to the automotive industry.  

AutoCrypt Security Fuzzer was designed specifically for in-vehicle software development and testing, and boasts automated test case generation, generating over one million test cases based on ISO 14229-1:2020, supporting all 26 Service Identifiers (SIDs) defined in the Unified Diagnostic Service (UDS) protocol). AutoCrypt Security Fuzzer also provides continuous automated execution for individual ECUs or integrated systems, optimizing the testing process. Users receive comprehensive key test results, with summaries and visualizations of major outcomes, enabling developers to quickly review and re-execute to address detected vulnerabilities.  

“We are delighted to work together with Hitachi Solutions to bring our fuzzing solution to the Japanese market,” said Duksoo Kim, CEO and co-Founder of AUTOCRYPT. “As the industry embraces SDVs, there is mounting pressure for manufacturers and suppliers to meet standards and regulations, and our tool offers support so there is no interruption in the compliance process. We are confident that AutoCrypt Security Fuzzer will address the current challenges in the automotive cybersecurity landscape, and contribute to safer, more reliable automotive software.”  

The official distributorship agreement in Japan through Hitachi Solutions will enable Japanese manufacturers and suppliers to adopt a comprehensive, effective approach to cybersecurity testing, streamlining compliance with international standards, including ISO/SAE 21434. 

About Autocrypt Co., Ltd. 

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, as well as other emerging global standards.  

About Hitachi Solutions, Ltd. 

Hitachi Solutions is a core IT company of the Hitachi Group. They deliver products and services of superior value to customers worldwide through key subsidiaries in Asia, the United States and Europe. Hitachi Solutions has also been providing a variety of solutions globally using cutting-edge digital technologies based on collaborative creation with customers. Together with our partners around the world, They are accelerating Sustainability Transformation (SX) to solve the challenges facing society and business, and contribute to the realisation of a happy society where no one is left behind. 

31 January, 2025 . 5 mins read

Hardware-in-the-Loop Simulation: What it means for ECU testing

With rapid advancements in autonomous driving technologies and various convenience features, vehicles now offer a wide array of functionalities. However, as modern vehicles rely on an increasing number of ECUs, HILS ECU Testing has become essential for validating and optimizing software performance before deployment. By simulating real-world driving conditions, HILS ensures that ECUs function reliably before integration into actual vehicles.

This isn’t simply a braggart outfitting of a vehicle. The numerous features offered by modern-day vehicles simply cannot be managed by a single ECU. Multiple ECUs must work together using complex interconnections to delivery seamless, safe functionality

For example, an automatic climate control system operates with the collaboration of several ECUs; one may be managing temperature sensors, while another runs airconditioning, windows, and heaters, and so on. This is a simple example, but for more complex features, dozens of ECUs may be required to perform a single function in perfect unison.

Difficulties in Testing

When adding a new feature to a vehicle, it is essential to test and validate the software of the ECUs because unlike hardware defects, software defects often remain undetected during the product development stage, making them difficult to address. Unlike hardware issues, these defects can cause unpredictable and potentially life-threatening outcomes. However, directly testing functions on actual vehicles can be equally risky, so traditionally, prototypes resembling the network environment of a vehicle are used to test functions by combining the relevant ECUs.

However, testing in a network environment is costly due to the exponential increase in the complexity of ECUs and software in recent years.

For example, luxury models like the Mercedes-Benz S-Class, BMW 7 Series, and Hyundai Genesis can be equipped with hundreds of ECUs. Testing a single vehicle function requires assembling a prototype model, a process that is both costly and time-consuming. Instead, automakers increasingly rely on HILS ECU Testing to simulate real-world conditions before deploying physical prototypes. Moreover, luxury sedans often contain over 20 million lines of software code—approximately three times the amount of code found in a large aircraft.

Therefore, assembling and testing hundreds of ECUs for every new feature adds considerable cost and time for manufacturers and suppliers. Testing a single function could mean creating a unique testing environment for all related ECUs, which would vary by vehicle model.

HILS Testing

This is where HILS (Hardware-in-the-Loop Simulation) comes in. HILS is a testing technique used to verify the functionality of developed products by simulating their actual operational environment.

In vehicle testing, HILS serves as a simulation system for various ECU functionalities. HILS makes it possible to test everything from individual ECUs to integrated network systems for all driving scenarios before ever testing on an actual vehicle.

Instead of combining physical ECUs into a prototype, HILS testing uses simulations. The testing environment consists of three main components:

  1. Test Input Generator: Generates and provides input values for the test. Tools like fuzzers are included in this component
  2. Target ECU: The specific ECU to be tested
  3. HILS: A virtual controller that mathematically models the vehicle environment and simulates the actual movements of controllers. When needed, real actuators can be connected for experimentation.

In the example provided by below by AUTOCRYPT, you can see how the test process works. The Target ECU is connected to the HILS system, which receives test input values generated by the Fuzzer. The output from the HILS system verifies the functionality of the ECU, eliminating the need to physically assemble all related ECUs for testing. Only the ECU to be tested needs to be connected to the HILS environment.

HILS ECU Testing for Automotive Software - autocrypt

HILS Advantages

While it does not completely eliminate the need for prototype vehicles, simulated testing is generally more cost-effective than creating physical products. It reduces the number of prototype vehicles, and shortens the time and manpower spent on test benches.

HILS also provides a significant advantage in conducting dangerous tests, such as wire breaks, sensor failures, or crash simulations. It is equally effective during the development of control algorithms when the actual components for testing may not yet exist. Furthermore, the ability to conduct tests anytime, anywhere, adds a practical advantage.

HILS ECU testing is not simply at its conceptual stage. The automotive industry has already recognized the importance of HILS testing – in fact, ISO 26262, the international standard for functional safety in vehicles, outlines software validation stages throughout a vehicle’s lifecycle, and recommends HILS testing during unit and integration testing.

For instance, Hyundai Motor Group’s vehicle software development process emphasizes HILS testing in the fifth stage of their V-cycle process, highlighting the growing importance of integrated HILS testing in new vehicle development as automotive control software becomes increasingly complex.

According to Wards Auto, the word “software” was first mentioned in a recall in 1994, and since then attribution to software for recall incidents has risen to 15% by 2023. While, software defects are inevitable as automotive software becomes heavier and more complex, this means conducting comprehensive software testing in advance is that much more essential.

HILS plays a critical role in this process by enabling flexible, unrestricted testing, which also aids in rapid response to software defects. Unlike physical tests, which are hindered by the time and cost of prototype production, HILS allows for swift simulation-based defect analysis and response.

To learn more about how AUTOCRYPT utilizes HILS in its fuzz testing solution, click here.

To learn more about AUTOCRYPT’s use of HILS in its fuzz testing solution and other automotive testing services, contact global@autocrypt.io.

23 December, 2024 . 2 mins read

Infographic: 2024 Year in Review

This year has been a remarkable journey for AUTOCRYPT, filled with innovation, meaningful collaborations, and impactful achievements. We are incredibly grateful to our investors, partners, clients, readers, and visitors for your unwavering support in 2024!

As we prepare to step into 2025, we’re excited about the opportunities and challenges that lie ahead. Here’s to another year of growth, innovation, and success—together!

Merry Christmas and Happy New Year!

Below is a recap of AUTOCRYPT’s key milestones and accomplishments in 2024.

Infographic 2024 Year in Review Autocrypt

Download PDF

(Accessibility version below)

New solutions

2024 has been the year of innovation and growth for AUTOCRYPT. We introduced 4 new groundbreaking solutions designed to address critical challenges in the automotive cybersecurity sector.

AutoCryptⓇ CSTP – Automotive cybersecurity testing platform for regulatory compliance

AutoCryptⓇ CLS – C-ITS local station for V2I communication

AutoCryptⓇ ASL – Adaptive security library for AUTOSAR platforms

AutoCryptⓇ RODAS – Remote driving assistance system for autonomous vehicles

Awards and certifications

This year, our efforts were recognized with several prestigious certifications and awards:

Designated as a Vehicle Type Approval Technical Service Provider for UN R155/156

Received Top Innovator Award at the 2024 CLEPA Innovation Awards

Partnerships

Collaboration fuels innovation, and this year, we forged impactful partnerships that strengthen our solutions and expand our reach:

VinCSS

Cohda Wireless

MicroNova

Bayanat

Emobi

Events

We participated in several impactful events, connecting with industry leaders and showcasing our innovations:

  1. CES 2024
  2. ITF Summit 2024
  3. VDI ELIV
  4. AutoTech Detroit 2024
  5. Automotive Testing Expo Europe
  6. International VDI Conference
  7. ITS World Congress Dubai
  8. Car Connectivity Consortium

and more…

Resources

This year, we published a range of resources to guide and inform our industry peers:

The Rise of Chinese Software-Defined Vehicles

UNECE Regulation 155: Key Vehicle Components to Focus on for Regulatory Compliance

Public Key Infrastructure: Use Cases in the Automotive Industry

Robotaxis in the Spotlight: Market Trends, Technology, and Disengagement Analysis

10 December, 2024 . 2 mins read

AUTOCRYPT Receives Top Innovator Award at the 2024 CLEPA Innovation Awards

Brussels, December 4th, 2024 – AUTOCRYPT proudly announces its recognition as a top innovator at the 2024 CLEPA Innovation Awards for its groundbreaking Cybersecurity Testing Platform (CSTP).

The award-winning AutoCrypt® Cybersecurity Testing Platform (CSTP) revolutionizes automotive cybersecurity by offering a comprehensive suite of security tests and validations within a unified platform. The CSTP enables manufacturers and developers to meet critical compliance requirements, including UN R155/156 and GB (GB/T) standards, with its proprietary test cases designed to address diverse regulatory demands.

Cybersecurity Testing Platform award

As AUTOCRYPT continues to drive innovation, the recognition at the CLEPA Innovation Awards underscores the company’s commitment to advancing secure and efficient automotive cybersecurity solutions.

“I am extremely pleased that our platform’s remarkable contribution to streamlining automotive cybersecurity testing was highlighted at the CLEPA Innovation Awards,” CEO of Autocrypt, Duksoo Kim remarked. “Safeguarding vehicles for the future of transportation has always been our priority. We are committed to ensuring that compliance is optimized, and is not a hindrance for manufacturers and suppliers.”

About the CLEPA Innovation Awards

The ninth CLEPA Innovation Awards showcased ground-breaking ideas in green and digital technology across the automotive supply industry. The event awarded 12 Top Innovators and included talks with high-level EU policy makers on the future of transport.

Since 1959, CLEPA has been a key voice for automotive suppliers in Europe, and this 65th anniversary milestone brought together key policy makers Signe Ratso, Deputy Director-General, DG for Research and Innovation (European Commission)MEPs Andrea Wechsler (EPP) and Danuše Nerudová (EPP). They joined CLEPA President, Matthias Zink and Deloitte’s Elmar Pritsch on stage for a panel discussion on the key drivers for this industry to stay competitive and continue leading innovation.

Explore this year’s top innovations, and other materials here: Home – CLEPA Innovation Awards

About Autocrypt Co., Ltd.

AUTOCRYPT is the industry leader in automotive cybersecurity and connected mobility technologies. The company specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and mobility platforms, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides consulting and testing services along with custom solutions for UN R155/156 and ISO/SAE 21434 compliance.

3 December, 2024 . 4 mins read

Security Validation and Vulnerability Testing for Automotive Software

As vehicles continue to evolve into sophisticated, software-driven machines, automotive cybersecurity has become as critical as a car’s physical safety. Modern vehicles rely on millions of lines of code that must not only work seamlessly but also remain resilient to potential cyberattacks. Regulations and industry standards mandate manufacturers to safeguard their systems against these threats. Two fundamental processes in achieving this are security validation and vulnerability testing. While both aim to ensure software security, they take distinct approaches to achieve it. Let’s dive into their roles, differences, and why they’re indispensable for automotive cybersecurity.

Security Validation

At its core, security validation is about ensuring that a system meets predefined security requirements and functions as expected under normal conditions. Think of it as a quality assurance process that confirms security measures are implemented correctly and comply with industry standards like UN R155/156 or ISO/SAE 21434.

For instance, security validation could involve verifying that Over-the-Air (OTA) update mechanisms comply with UN R156 requirements or ensuring that each ECU component is secure under different real-world conditions.

Manufacturers employ various testing methods to perform security validation, including but not limited to:

  • Functional Testing, which ensures key features like encryption and authentication work correctly under normal use cases.
  • Fuzz Testing, which introduces random or unexpected inputs to assess system stability and expose hidden vulnerabilities.
  • Penetration Testing, which simulates attack scenarios to test the system’s ability to defend against real-world threats.

The primary goal of security validation is to provide confidence and documented proof that all cybersecurity measures are not only in place but also operating effectively according to regulatory standards.

Vulnerability Testing

While security validation checks compliance, vulnerability testing takes a broader approach, exploring potential weaknesses or flaws that attackers might exploit. This process identifies vulnerabilities—both known and unforeseen—through rigorous probing and stress testing. Given that vehicle software is constantly evolving, vulnerability testing must be an ongoing process to mitigate risks proactively.

Common techniques include:

  • Fuzz Testing for Vulnerability Detection, which detects weaknesses by feeding unexpected or malformed data into the system.
  • Network and Protocol Testing, which analyzes communication protocols such as CAN, LIN, and Ethernet for exploitable flaws like injection vulnerabilities.
  • Hardware Security Testing, which examines hardware-software interactions, such as the extraction of firmware from electronic control units (ECUs), for potential vulnerabilities.

Unlike security validation, which confirms what is known, vulnerability testing ventures into the unknown, uncovering potential attack vectors that may not have been anticipated during the development process.

Key Differences Between Security Validation and Vulnerability Testing

Security Validation and Vulnerability Testing Differences

By combining these two processes, manufacturers can build automotive systems that are not only compliant but also resilient to cyber threats.

As the automotive industry moves toward greater connectivity, the stakes for cybersecurity are higher than ever. Security validation ensures that systems meet regulatory standards, while vulnerability testing helps uncover hidden risks before malicious actors can exploit them. Together, they form a comprehensive approach to protecting vehicle systems from cyber threats.

For instance, validating the proper encryption of V2X communication provides compliance, but only through vulnerability testing can potential flaws in cryptographic implementation be identified. By integrating both practices into the development lifecycle, manufacturers can ensure their systems are secure and future-ready.

Cybersecurity in modern vehicles is no longer an optional feature—it’s a foundational requirement. Security validation and vulnerability testing are two sides of the same coin, each addressing distinct yet complementary aspects of the security landscape. When combined, they provide the robust framework needed to protect vehicles from both known and emerging cyber threats.

For manufacturers, embracing these processes is not just about meeting regulatory requirements—it’s about staying ahead in an industry where safety, innovation, and trust go hand in hand.

12 November, 2024 . 5 mins read

EDR and DSSAD: A Look at Vehicle Accident Analysis Tools

In this age of autonomous driving technology, whenever there is an accident, heads turn to utilizing data from vehicle data recorders like the Event Data Recorder (EDR) or Data Storage System for Automated Driving (DSSAD) to uncover the accident cause. In today’s blog, we’ll take a closer look at the functions of the EDR and DSSAD, their differences, and their significance for accident analysis in the new era of autonomous driving.

It has become easier than ever to obtain recordings of vehicle accidents. With the combination of vehicle dashcams and nearby CCTV footage, determining the cause or perpetrator of an accident has become much more manageable than before. However, it can still be challenging to ascertain the root cause of an accident solely through video footage.

One particular type of accident that is difficult to analyze is the case of a sudden unintended acceleration (SUA). While the number of reported incidents has been decreasing this past decade, SUA accidents remain a frequent and often controversial topic of discussion. These types of accidents can be challenging to evaluate solely through video footage analysis, and this is where additional devices and data become necessary.

EDR

The Event Data Recorder or EDR is a type of data recording device that is embedded into a vehicle’s Airbag Control Unit (ACU) or the engine’s Electronic Control Unit (ECU). When a collision or a sudden incident occurs while the vehicle is in motion, the EDR records data related to vehicle operations for a specific period of time.

In many countries, there are stringent regulations on what the EDR is required to record. For example, in the United States, the National Highway Traffic Safety Administration (NHTSA) specifies requirements for EDRs under 49 CFR (Code of Federal Regulations) Part 563.

Source: 49 CFR Part 563: Event Data Recorders, published by the National Highway Traffic Safety Administration (NHTSA)

The EDR records critical vehicle data as listed above. In the case of an incident, vehicle owners can provide this information to authorities for accident analysis. The EDR plays a vital role in understanding accident dynamics and improving vehicle safety standards as a whole. The EDR is so vital, in fact, that in 2022 the NHTSA proposed to extend the EDR recording period from five seconds to 20 seconds.

This realization of the importance of EDRs is not limited to the United States. In 2021, the UNECE’s WP.29 (The World Forum for Harmonization of Vehicle Regulations) put into force UN R160, a regulation establishing provisions concerning vehicles and EDRs. R160 defines certain data collection and implementation requirements for EDRs. Following this, in 2022, the European Union approved a new act that requires the installation of an EDR in all motor vehicles in M and N categories (passenger vehicles and trucks). The regulation went into force in July of 2024 for all new vehicles.

DSSAD 

The Data Storage System for Automated Driving (DSSAD) is a device designed to record and store data during autonomous driving sequences. It records and stores data on significant events related to autonomous driving, such as system activation, partial autonomous system failure, or minimal risk maneuvers. This data can then be used to address accidents and regulatory issues related to autonomous vehicles.

While DSSADs are only mandated in a handful of countries, their implementation is subject to certain regulatory measures for compliance. For instance, UNECE’s UN R157, which covers automated lane-keeping systems (ALKS), mandates DSSAD for vehicles equipped with ALKS in order to monitor status changes in the autonomous driving system (ADS).

Comparison of EDR and DSSAD

Comparison of DSSAD and EDR data recording for accident analysis

While there are similarities between EDR and DSSAD, there are core differences between the two.

  • The EDR is primarily designed for investigation of conventional vehicles, while the DSSAD is specifically developed for autonomous and semi-autonomous vehicles.
  • The EDR stores and provides data related to accidents just before they occur, while the DSSAD will store autonomous driving-related data for a relatively long period.
  • EDR data is only stored temporarily, and is not typically retained unless a crash occurs, while the DSSAD data is retained for a longer timeframe (typically around six months), or up to a certain number of recorded events to ensure comprehensive documentation.

Despite the differences, the two complement each other in analyzing accidents and clarifying liabilities regarding an incident. A vehicle’s dashcam has limitations, so the EDR can be crucial for accident analysis. Regulations regarding DSSAD in autonomous vehicles can also clarify responsibility between driver(s) and the vehicle.

In today’s era of autonomous driving technology, both the Event Data Recorder (EDR) and the Data Storage System for Automated Driving (DSSAD) are gaining significant attention due to growing concerns about liability in the event of accidents. However, this also brings forth the issue of cybersecurity. Maintaining data integrity is essential, as both the EDR and DSSAD store and retrieve data that could influence accident investigations. Tampering with this data could not only hinder accurate accident analysis but also allow parties to misplace liability. Security measures such as data anonymization and encryption are vital for protecting sensitive information stored by the EDR and DSSAD, as well as safeguarding personal data, location information, and driving records.

EDR and DSSAD are vital tools for transparency and accountability in autonomous vehicles, but their effectiveness hinges on comprehensive cybersecurity. By implementing robust protections against data tampering and unauthorized access, these recording technologies can serve their intended purpose: helping investigators understand complex accidents, advancing autonomous driving technology, and building public trust. The path to widespread adoption requires both sophisticated data collection and unwavering security measures.

Navigating the evolving mobility landscape is complex, but cybersecurity will play a key role in building trust among manufacturers, consumers, and legislators, ultimately paving the way for a secure future.

To stay informed about the latest news on mobility tech and software-defined vehicles, subscribe to AUTOCRYPT’s monthly newsletter.