Author: AUTOCRYPT

7 December, 2022 . 2 mins read

AUTOCRYPT Accredited by WebTrust for CAs as V2X Root Certificate Authority

SEOUL, KOREA, December 7, 2022 — AUTOCRYPT, an industry-leading provider of automotive cybersecurity and connected mobility solutions, announced that it has been officially accredited by the AICPA/CICA WebTrust Program for CAs (Certification Authorities) as a root certificate authority for the V2X-PKI ecosystem, making it Asia’s first, and the world’s third V2X root certificate authority to receive the WebTrust seal.

The WebTrust Program accredits CAs after having licensed auditors conduct extensive audits to verify that the CA has adequate management capabilities and strictly follows its Certificate Practice Statement (CPS) by properly verifying organizations and protecting its certificate keys. The WebTrust seal is an internationally recognized symbol for safe practice in PKI and cryptography, to which many organizations demand WebTrust accreditation for all CAs involved in their supply chains.

AUTOCRYPT’s V2X-PKI CA (Certificate Authorization) Service acts as a root CA that registers, issues, manages, and revokes V2X certificates to subordinate CAs, supporting SCMS standards across North America, Europe, and China. Independently operated by its self-established security certification center, the service has undergone months of external audits and monitoring prior to receiving the accreditation.

“Aligning with our vision of enabling reliable and autonomous mobility for all road users, we developed our own root CA service to help establish trust within the V2X ecosystem,” said Daniel ES Kim, CEO of AUTOCRYPT. “By providing WebTrust-accredited certificate lifecycle management for V2X CAs, we look forward to enabling a streamlined V2X deployment process for our clients and partners, as well as encouraging more V2X implementations across a wider variety of use cases.”

Apart from serving as a V2X root CA, AUTOCRYPT offers a complete security solution for the V2X ecosystem, including a security module for OBU/RSUs, an SCMS backend, and an Integrated Management System (IMS) for SCMS that enables automotive OEMs to oversee all the SCMS certificates for their fleets via a graphical user interface.

For more information regarding AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.

1 December, 2022 . 8 mins read

From Safety to Sustainability: A Look at the Short-Term Benefits of V2X

There are two major approaches to achieving autonomous driving. The first is ADAS (advanced driver-assistance systems). And the other is V2X (vehicle-to-everything). Although the public is now quite familiar with ADAS, V2X remains a relatively unknown field. Even among industry stakeholders, a common misconception about V2X is that it must be deployed on a mass scale to provide meaningful benefits. In this blog, we explain why V2X deployment might not be as big an investment as it might seem, by looking at some of the short-term benefits of V2X.

Why It Doesn’t Need to Be Mass Deployment

Indeed, the ultimate objective of V2X is to create a fully connected mobility ecosystem that enables a state of full driving automation (Level 5), where vehicles seamlessly communicate with their surrounding vehicles and infrastructure through exchanging messages in real-time, overcoming the shortcomings (e.g., blind spots, failed object recognition) of cameras and sensors. This approach towards autonomous driving is also referred to as Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD).

However, establishing an entire V2X ecosystem is a long process, as it can take many years to transform an entire city’s transport infrastructure into V2X-enabled systems. Therefore, industry players shouldn’t solely focus on the final objective of VICAD, but instead, work towards deploying V2X for its immediate benefits. This way, consumers can start benefiting from V2X sooner, which helps generate momentum to accelerate further investment and deployment.

Imaging planning and building a subway network from scratch. Of course, the final goal is to create an interconnected network that covers the entire city. However, if the public must wait until an entire network to be completed before benefiting from it, there would be very little interest in moving the project forward. Instead, cities start by building and operating a single line to allow at least some consumers to benefit from it in the short term.

The same is true for V2X. It doesn’t need to be mass deployment before we can start to see benefits. Some case-specific applications, including Signal Phase and Timing (SPaT) and emergency vehicle preemption (EVP), have already generated some promising short-term benefits in terms of road safety and efficiency.

The Short-Term Benefits of V2X

1. Road safety

Even with selective, small-scale deployments over the short term, V2X opens the opportunity for many creative approaches to enhance road safety. For instance, V2X roadside units (RSU) can be installed onto traffic signals at selected intersections where car accidents frequently occur, enabling Signal Phase and Timing (SPaT). SPaT is a V2X application where the traffic signal informs incoming vehicles of the remaining time of the signal. When vehicles receive that information, they can automatically determine whether to continue to cruise through the intersection, slightly accelerate to pass through prior to the signal change, or gently decelerate to a full stop. Having machines do the timing and calculation can help reduce human misjudgments at intersections.

It might be tempting to think that SPaT is only beneficial when all vehicles are equipped with V2X onboard units (OBU). Of course, the more V2X-enabled vehicles there are, the more effective the use case becomes. Still, if only a quarter of vehicles were to be equipped with V2X OBUs, SPaT would make a significant difference by improving the safety record of the intersection. This is because drivers have a natural tendency to move with the flow. The behaviour of V2X-enabled vehicles will influence the behaviours of surrounding drivers, encouraging them to comply with the coordination as well, hence reducing the likelihood of dangerous acceleration and braking during yellow lights.

Installing RSUs at intersections enables another common use case known as emergency vehicle preemption (EVP), which is currently deployed in many major cities across the globe. This is where OBUs installed in ambulances and fire trucks communicate with RSUs at intersections, prompting the traffic signal to change in favour of their direction, making it a very useful application in dense city streets where emergency vehicles can easily get stuck in gridlocks.

As such, localized V2X applications like SPaT and EVP do not require mass deployment. Hence, infrastructure operators and automotive OEMs can focus primarily on these short-term benefits.

2. Traffic efficiency

Besides safety, traffic efficiency is one of the other short-term benefits of V2X. A promising V2X-enabled solution that helps increase traffic efficiency is truck platooning. This is when a fleet of trucks cruise in a row at the same speed in the formation of a train. Given that trucks take up a significant percentage of the highway, having trucks travel individually at different speeds across different lanes can slow the overall traffic and lead to potential safety hazards. By lining them up in a lane at a consistent speed, a significant amount of space can be freed up, enabling faster travel speeds, and reducing the level of congestion during peak times. Furthermore, truck drivers in the follower trucks will be able to rest during the trip, reducing the likelihood of driver fatigue, hence enhancing road safety as well.

Another localized application of V2X is smart parking. This is when RSUs equipped in parking lots communicate with OBUs in nearby vehicles to inform them about parking space availability. In busy urban centers, a great amount of aggregated time is spent on searching for parking space. Not only is it a frustrating experience to circle around a busy block looking for the nearest available parking space that doesn’t cost a fortune, but those in search of parking can add up to the existing traffic and cause further congestion. With V2X-enabled smart parking, there will be no need to roam around urban streets for parking.

3. Cost saving

Road transportation comes with a cost. Apart from fuel and maintenance costs, every minute spent sitting in traffic is an opportunity cost that can be measured in the form of lost productivity. According to the 2021 INRIX Global Traffic Scoreboard, traffic congestion in the United States costs the average driver $564 in lost productivity throughout the year, and an aggregated $53 billion to the country.

When RSUs are deployed in critical areas such as frequently congested intersections and highway merges, V2X-enabled traffic coordination like SPaT and lane merge assists can reduce congestion remarkably, thus cutting unnecessary fuel consumption and productivity loss.

4. Environmental sustainability

When it comes to sustainable transport, electric vehicles (EV) are the most effective solution that contributes directly to a reduction in carbon emissions. However, many do not realize that V2X is another promising technology that can make a positive impact on environmental sustainability.

This is because V2X is an effective energy saver. As aforementioned, since V2X applications can help coordinate traffic and reduce congestion, the average vehicle spends less time on the road, with less unnecessary acceleration and braking. This results in not just less emission, but also less electricity consumption for EVs. Although this might seem like a subtle difference for a single vehicle, the accumulated energy savings and emission cuts can make a meaningful impact on the environment.

Additionally, just like emergency vehicle preemption, OBUs can also be installed on buses and street cars so that traffic signals can give priority to public transit, making traveling by public transit more efficient and convenient, thus encouraging greater usage.

5. Convenience

Regardless of its application, a common benefit that V2X brings across all use cases is convenience. Through real-time communications, road users will be able to benefit from a smart and connected mobility environment.

Start Small, Think Big

Back to the point — V2X connectivity isn’t all about the big picture of full autonomous driving. Through vehicle-infrastructure cooperation, V2X can be utilized for a wide range of localized use cases that do not require much time and effort to deploy. Eventually, these local deployments will naturally accumulate to shape an interconnected V2X ecosystem, enabling a complete VICAD experience. Therefore, policymakers, infrastructure operators, OEMs, and investors should push forward V2X deployment by focusing primarily on its immediate benefits.

Securing V2X Communications

An integral component of V2X deployment is cybersecurity. Encryption and PKI-based authentication measures must be preestablished within the communication end-entities (OBU/RSUs) to ensure that the messages communicated via V2X are securely protected from unauthorized access and tampering. Conversely, with more and more localized V2X deployments, cybersecurity capability will continuously improve with enhanced regional security policies.

AUTOCRYPT’s secure V2X communications solution strengthens both privacy and safety for V2X applications, including a security module installable onto OBU/RSUs, a Security Credential Management System (SCMS) that issues, revokes, and manages digital certificates for end-entities, as well as an Integrated Management System (IMS) for SCMS that allows automotive OEMs to easily manage all their V2X certificates across all vehicle fleets via a graphical user interface.

To learn more about AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

16 November, 2022 . 6 mins read

Cooperation in the New Automotive Software Supply Chain: An Emphasis on Cybersecurity

While there have been many changes within the automotive industry, since Toyota invented Just-in-Time (JIT) manufacturing in the 1960s, the automotive supply chain hasn’t seen much change within the past 60 years. The supply chain has been a solid vertical structure: Tier 2 suppliers provide subcomponents and materials to Tier 1 suppliers, who then supply OEMs with ready-to-install parts for assembly. This supply chain structure has been universally adopted because it is highly streamlined and efficient, both important attributes of vehicle production. Under this structure, automotive OEMs do not need to communicate directly with lower-tier suppliers, while every supplier focuses solely on fulfilling the orders of the upper-tier supplier. This all worked out great – until automotive software takes over the vehicle.

This vertical structure made perfect sense in the past when the automotive E/E architecture consisted of independent parts and domains. However, we are now approaching a different era of in the automotive supply chain where, fueled by the growing need for connectivity and automation, in-vehicle systems are becoming more and more sophisticated and interconnected, with software now acting as a core component of the vehicle. 

OEMs today are beginning to realize that the conventional manufacturing model no longer serves its purpose in the new era of software-defined vehicles. And with more and more EV startups entering the manufacturing game, conventional OEMs may need to redefine their supply chain to incorporate software development and cross-domain cooperation.

Growing Complexity of the Automotive Software Supply Chain

Name any car feature – more likely than not it is enabled by software. The modern vehicle runs on electronic systems and software that are stitched together to communicate with each other via the in-vehicle network. A typical vehicle today consists of up to 150 electronic control units (ECU), which are essentially minicomputers equipped with processors. System software needs to be embedded in each of these ECUs to control a particular domain of functions, such as powertrain, sensor, and infotainment.

As such, it would be an understatement to refer to the software-defined vehicle as “a computer on wheels.” A more accurate description would be “a computer network on wheels.” That’s because today’s vehicles run an average of 100 million lines of code. That is two to three times that of a PC operating system. And in fact, the level of complexity will only increase as more and more automated features and security systems are incorporated.

Under the current software supply chain structure, software vendors supply software development kits (SDK) and modules to chipmakers, which supply the chips (e.g., ECUs) to OEMs or Tier 1 suppliers, who then stitch all these chipsets onto the parts and components, putting them in place within the in-vehicle network. However, most OEMs have very little experience in software integration. Although vehicular software has been around for decades, nothing was at the magnitude and complexity of the software structure today.

Moreover, OEMs and Tier 1 suppliers are accustomed to the vertical supply chain structure. Many are overwhelmed by this growing need for direct external communications and cooperation.

Therefore, just like what many with a strategic mind would do, OEMs are outsourcing the work.

The Emergence of Software Providers and the Need for Cybersecurity

Due to the sheer volume and quick influx of software components, many OEMs choose to outsource software integration to a comprehensive software provider, acting as a “Tier 1 software supplier.” Many existing Tier 1 suppliers have seen this as an opportunity to expand their software division, and because of this many OEMs have chosen to establish or acquire their own dedicated software provider. Some take it a step further by making plans to establish a proprietary operating system and platform where all applications can be developed on. CARIAD from the Volkswagen Group is one such example. As the dedicated software provider for the Volkswagen Group, the company has announced plans to release the Volkswagen Operating System.

It might be tempting for OEMs to maintain their old way of doing things by having software providers take charge of all software integration, while focusing solely on inventory management, assembly, and quality control. However, the new supply chain landscape isn’t as straightforward, with quality control being the key difference. 

While hardware components are very easy to standardize and inspect, rules are different in the software game. Since there exists a cybersecurity risk in every connected computer – in the age of connected vehicles, software and cybersecurity must come hand in hand. This means that a large part of software quality control is making sure that it is free of vulnerabilities and flaws that may hinder its functionality and pose a cybersecurity risk. To do so, every piece of software needs to be rigorously tested prior to the release of a vehicle batch.

Additionally, similar to how OEMs are responsible for issuing hardware recalls, regulations are now holding OEMs accountable for software cybersecurity mismanagement and loopholes. The UN R155/R156 regulations set out by UNECE WP.29 mandate that all OEMs maintain an automotive cybersecurity management system (CSMS) and a software update management system (SUMS) for their vehicle fleets. This means that even after a vehicle is passed onto the consumer, software performance must be continuously managed, monitored, and updated and patched in real-time.

The bottom line: whether it is the OEM or the software provider in charge, the OEM will ultimately be responsible for cybersecurity management.

The Importance of Cooperation for Secure Software Implementation

At the end of the day, the jobs of both the OEM and software provider are to ensure that cybersecurity risk within the automotive ecosystem is well managed and minimized. However, this should not be taken lightly because cybersecurity management isn’t simply about buying security software from vendors and installing it into the systems.

In the sophisticated automotive software ecosystem, security measures must be incorporated and custom-built in the manufacturing process to ensure both secure implementation and cross-region interoperability.

Therefore, both OEMs and software providers must take an active role in cybersecurity and cooperate with firms specializing in automotive cybersecurity to facilitate secure software integration and implementation across all domains, from the embedded systems within a vehicle to the vehicle-to-everything (V2X) connections for autonomous driving and vehicle-to-grid (V2G) applications for EV charging.

The takeaway is this: the automotive industry has entered a new era – an era where value is no longer added step by step through vertical supply chains but generated from horizontal cooperation, and an era where the automobile is no longer a product, but a combination of services stacked on wheels.

To succeed in the new era of smart mobility, cooperation is the key.

To learn about how AUTOCRYPT’s in-vehicle systems (IVS) security solutions can help OEMs secure software integration and connectivity, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

10 November, 2022 . 6 mins read

Vehicle Cybersecurity by Design: A Look at NHTSA’s 2022 Cybersecurity Best Practices

As more and more software components and connected technologies make their way into vehicles, cybersecurity has rapidly become a crucial aspect of vehicle design, manufacturing, and maintenance. However, in the century-old automotive industry, cybersecurity can be an unfamiliar field of expertise. Many automotive OEMs have found it challenging to implement security by design and integrate vehicle cybersecurity into functional safety.

To promote standardized practices in vehicle cybersecurity, the National Highway Traffic Safety Administration (NHTSA) – the United States’ federal agency dedicated to transport safety – drafted a guideline in 2016 on Cybersecurity Best Practices for the Safety of Modern Vehicles. The guideline helps automotive OEMs and suppliers establish a set of procedures to minimize cybersecurity risks and effectively manage threats throughout the vehicle lifecycle.

NHTSA’s guideline is centered around the voluntary standard of ISO/SAE 21434: “Road Vehicles – Cybersecurity Engineering”, a vehicle cybersecurity standard co-published by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE). Although compliance with the standard isn’t enforced by law like the United Nation’s R155 and R156 set out by UNECE WP.29, most automotive OEMs across the globe refer to ISO/SAE 21434 as a guide to establishing a secure procedure for vehicle manufacturing and post-production management.

In September 2022, NHTSA published the finalized version of the Cybersecurity Best Practices guideline, five years after the initial draft was released in 2016. The updated guideline contains more detailed descriptions of implementing appropriate cybersecurity procedures with respect to an OEM’s corporate process, as well as modifications based on the feedback and comments provided by industry experts.

Most importantly, the finalized Cybersecurity Best Practices contains updates to reflect the finalized version of ISO/SAE 21434, which was still under development when the 2016 draft was released.

A Summary of Key Practices Outlined by NHTSA

NHTSA’s Cybersecurity Best Practices contains a comprehensive corporate guide from as broad as leadership priorities and employee education to as specific as technical manuals on cryptographic techniques and credentials. In this blog, we extract some of the key practices relating to the establishment of vehicle cybersecurity by design, along with some of AUTOCRYPT’s tips that can help save corporate resources during the implementation process.

The Importance of Security by Design

Speaking of cybersecurity, most people tend to think about cybersecurity systems and tools like firewalls and threat detection software. However, the scope of cybersecurity in the IoT age stretches beyond these traditional definitions. For the automotive industry in particular, cybersecurity isn’t simply about threat detection and response, but covers an end-to-end process that begins from a vehicle’s development stage all the way to its everyday usage in the consumer’s hand. Therefore, a vehicle must be designed and developed with security in mind, and an OEM must continuously monitor and manage threats throughout the entire lifecycle of the vehicle.

Below is a summary of NHTSA’s suggested practices for achieving cybersecurity by design.

1. Risk Assessment and Removal

To incorporate vehicle cybersecurity by design, risk assessment must be performed at an early stage of a vehicle’s development process. This is done by evaluating a vehicle’s potential entry points from a threat actor’s perspective, predicting their motives and intrusion methods, then listing out the risks the vehicle faces. Of course, it can be difficult to pinpoint all prospective risks at an early stage. Hence this assessment should primarily focus on identifying risks that could potentially threaten the safety of passengers and other road users.

Our Tip: Cybersecurity risk assessment should be conducted by a team of security experts that specialize in automotive systems and architecture. To fill this gap, AUTOCRYPT provides Threat Assessment and Remediation Analysis (TARA) to automotive OEMs, generating an accurate assessment of the potential risks of a vehicle model. A professionally conducted TARA enables an OEM to make early adjustments to its system design and architecture to remove safety-critical risks, creating a solid foundation to build upon.

2. Security Testing and Vulnerability Identification

At the next stage, NHTSA recommends a full evaluation of both commercial off-the-shelf (COTS) and open-source software components used in embedded vehicle systems such as ECUs. This allows the OEM to identify all known vulnerabilities in their software. After known vulnerabilities are removed and patched, fuzzing and penetration testing should be conducted to further eliminate any zero-day vulnerabilities and software development flaws. To enable security by design, automotive OEMs need to ensure that their vehicles are vulnerability-free before moving into mass production.

Our Tip: AUTOCRYPT offers a range of advanced cybersecurity testing tools and solutions for manufacturers to identify flaws and vulnerabilities within their systems. Starting from AutoCrypt® Security Analyzer, which utilizes an SBOM (Software Bill of Materials) approach to scan the source code and break down the components of open-source software by different units of analysis, enabling accurate patching with minimal modifications required. This is followed by AutoCrypt® Security Fuzzer, which feeds the tested system with randomly generated, invalid, and unexpected inputs in an attempt to trigger errors and expose its vulnerabilities. Lastly, AUTOCRYPT’s security validation experts conduct penetration testing on the targeted program to eliminate any remaining flaws and vulnerabilities.

3. Monitoring, Containment, Remediation

After all the preventative measures are implemented, an OEM needs to integrate a set of security monitoring and management systems into the vehicle architecture. The NHTSA emphasizes that automotive OEMs must maintain their capability to monitor, contain, and respond to any attacks against their vehicle fleet after they are sold to consumers, with rapid incident detection and remediation capabilities being of paramount importance. This means that when a cyberattack occurs, the OEM must be able to detect it in real-time and prevent it from causing any safety-related impacts to its vehicle fleet.

Our Tip: An effective intrusion detection and prevention system (IDPS) should be equipped on every vehicle to defend it from all types of intrusions and internal threats. AutoCrypt® IVS is an advanced firewall for in-vehicle systems, capable of detecting any signs of intrusion and contain them from spreading inside the vehicle. To make things more visible for the OEM, all this fleet information can be visually monitored and managed on AUTOCRYPT’s Vehicle Security Operations Center (vSOC).

The Growing Importance of Vehicle Cybersecurity

Legally speaking, even though NHTSA’s Cybersecurity Best Practices and the ISO/SAE 21434 standard are not enforced as of today, they are extremely helpful to OEMs that want to succeed in the market of software-defined vehicles. Putting legalities aside, since many embedded systems inside a vehicle are directly related to its physical functionality, vehicle cybersecurity and functional safety are no longer separable, with cybersecurity becoming a crucial evaluation criterion for quality. Therefore, whether it is for regulatory compliance or quality assurance, OEMs and software providers must work together with cybersecurity providers to implement security by design and pave a safe future for every road user.

To learn more about AUTOCRYPT’s in-vehicle systems (IVS) security solutions and offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

8 November, 2022 . 2 mins read

Mobility Cybersecurity Firm AUTOCRYPT Selected as Winner of 2022 Red Herring Top 100 Global

SEOUL, KOREA, Nov. 8, 2022 — AUTOCRYPT, an industry leader and pioneer in automotive cybersecurity and connected mobility solutions, announced that it has been chosen as a winner in the 2022 Red Herring Top 100 Global awards program. The company has been recognized for its innovation and competence in securing connected mobility, as well as its contribution to Cooperative Intelligent Transport Systems (C-ITS) and autonomous driving.

The Red Herring Top 100 Global list recognizes outstanding startups and private enterprises from North America, Europe, and Asia, with an emphasis on transformative technologies. Red Herring editors were among the first to recognize the potentials of companies like Facebook, Twitter, Google, Yahoo, Skype, Salesforce, YouTube, and eBay.

AUTOCRYPT was established in 2019 after spinning off from South Korean cybersecurity powerhouse Penta Security, where it began as a connected car cybersecurity solution in 2007. Throughout nearly two decades of R&D in mobility-oriented encryption, PKI, and intrusion detection technologies, AUTOCRYPT has grown to become one of the world’s top five providers in securing V2X communications, embedded vehicle systems, and Plug&Charge applications for EV charging.1

Daniel ES Kim, CEO of AUTOCRYPT, commented, “It’s an honor to be recognized as one of the top 100 innovative startups in the world. We believe that bringing secure connections to the mobility ecosystem will substantially enhance road safety, traffic efficiency, and environmental sustainability.”

Three years since its establishment, AUTOCRYPT has grown from a small team of 20 to a mid-size company of nearly 300 employees. It has so far received a cumulative investment of over $40 million, sitting at a current valuation of above $120 million.

“After rigorous contemplation and discussion, we narrowed our list down from hundreds of candidates from across the globe to the Top 100 winners,” said Alex Vieux, CEO and Publisher of Red Herring. “We believe AUTOCRYPT embodies the vision, drive, and innovation that define a successful entrepreneurial venture. AUTOCRYPT should be proud of its accomplishment as the competition was very strong.”

AUTOCRYPT’s competence and potential have been acknowledged time after time by market watchers and venture capitalists. In 2021, AUTOCRYPT was listed by Forbes Asia on its “100 to Watch” list.

For more information regarding AUTOCRYPT’s mobility cybersecurity solutions and offerings, contact global@autocrypt.io.

1 MarketsandMarkets. “V2X Cybersecurity Market – Global Forecast to 2025”.

1 November, 2022 . 5 mins read

Spotlight: V2X Interoperability Testing at OmniAir Costa del Sol Plugfest

In this blog, Vice President of Autocrypt North America, Martin Totev, takes us to OmniAir Consortium’s Costa del Sol Plugfest in Malaga, Spain, held between October 24 and 28, where AUTOCRYPT provided its SCMS certificates for the testing environment.

Interoperability Across the V2X Ecosystem

Cooperative Intelligent Transport Systems (C-ITS) are making road mobility increasingly connected and adaptive, linking vehicles with road infrastructures and pedestrians, and enabling them to cooperate with one another in real-time through V2X (vehicle-to-everything) communications. Yet, although the idea might seem straightforward, industry players and regulators have been putting tremendous effort into establishing V2X interoperability, ensuring that vehicles, smart devices, and infrastructures built by different manufacturers across various domains can seamlessly communicate with each other.

How is interoperability established? At the baseline, all manufacturers must follow a set of standards and protocols for each relevant use case. These protocols are often established by regulators and industry associations. For instance, the two major technical protocols for V2X communications include WAVE (Wireless Access in Vehicular Environments) by IEEE and C-V2X (cellular V2X) by 5GAA. As such, manufacturers of onboard units (OBU) and roadside units (RSU) need to ensure that all their end-entities within a V2X environment comply with the same protocol to enable reliable message transmission.

Similarly, the technical standard for electric vehicle charging is outlined in ISO 15118, which defines the architecture for Plug&Charge (PnC) and V2G (vehicle-to-grid) bidirectional charging, providing a set of consistent specifications and guidelines for OEMs, charger manufacturers, and charge point operators (CPO) to promote a seamless EV charging ecosystem.

Why Protocols Aren’t Enough: The Need for V2X Interoperability Testing

Simply because two manufacturers follow the same standard or protocol, it doesn’t necessarily guarantee that their devices will be perfectly compatible with each other under actual implementation. As a simplified example, the standard for a universal plug may specify the width but lacks specification on the length, resulting in plugs with different lengths being incompatible despite adhering to the same standard. In practice, incompatibility issues can be much more complex, arising from a variety of underlying factors that can be difficult to pinpoint.

Given that the V2X ecosystem involves a wide range of end-entities across different domains, interoperability testing is necessary prior to mass deployment. These tests are usually conducted at a plugtest (or plugfest), which invites all relevant manufacturers to deploy their vehicles and devices in combined scenarios.

OmniAir Plugfest

OmniAir Consortium is one of the most influential associations in the C-ITS industry. It specializes in promoting interoperability between different connected entities within the V2X ecosystem, including the vehicle itself, onboard units (OBU) and roadside units (RSU), embedded communication modules, and security modules and SCMS backends.

OmniAir Consortium regularly organizes interoperability testing events—known as OmniAir Plugfests—to provide a platform for industry participants to test the cross-domain interoperability of their connected mobility technologies and devices. The most recent Costa del Sol Plugfest was held between October 24 and 28 in Malaga, Spain.

Opening ceremony of the Costa del Sol Plugfest

A wide range of bench tests were performed at the Costa del Sol Plugfest, including those involving V2X modules, message encryption, V2X-PKI certificates, SPaT message transmissions, and MAP message transmissions. Specific use cases like red light violation warning, emergency vehicle preemption, lane closure warning, curve speed warning, and many more, were tested on the field. One of the industry’s major testing and inspection firms, DEKRA, provided its testbed for the event.

As one of the more than 60 associate members of the OmniAir Consortium, and a C-ITS cybersecurity provider specialized in securing V2X connections, the AUTOCRYPT team headed to Malaga to participate in the plugfest by providing AUTOCRYPT’s SCMS certificates to the devices tested at the event.

The AUTOCRYPT team testing our SCMS certificates at Dekra’s testbed

Is C-V2X Ready?

Vice President of Autocrypt North America, Martin Totev, presented at a panel session discussing whether C-V2X is ready to be deployed for commercial use. Martin expressed his optimism on C-V2X commercialization and stressed a step-by-step deployment approach. “It doesn’t need to be mass deployment and autonomous driving straight away,” said Martin. “We can begin by deploying them in vehicles first, then intersections with frequent accidents, gradually enhancing road safety and saving lives in the long run.”

Martin also pointed out the importance of cybersecurity in V2X. “Although interoperability testing is crucial, it only marks the beginning of a continuous improvement process. In fact, more commercial deployments are needed so that security and SCMS providers like AUTOCRYPT can continuously enhance its regional security policies and strengthen its definitions for misbehaviours.”

VP of Autocrypt North America, Martin Totev, speaking about C-V2X deployment

AUTOCRYPT’s Pivotal Role in the V2X Ecosystem

AUTOCRYPT specializes in securing V2X communications. Given that vehicles rely on V2X messages for judgment and decision-making, the validity of these messages is critical to the safety and functionality of cooperative autonomous driving.

AUTOCRYPT secures V2X communications using both encryption and authentication technologies. On the frontend, a security module is embedded into each end-entity to encrypt and decrypt messages by referring to a list of SCMS certificates stored in a Local Certificate Manager (LCM). At the backend, its SCMS architecture enables the proper issuance, revocation, and verification of certificates, ensuring message validity and privacy.

To learn more about AUTOCRYPT’s V2X security solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.