Smart Automotive Fuzzing: Tools & Techniques to Speed Up Testing

Securing complex automotive systems from cybersecurity threats has become essential as connected and autonomous vehicles proliferate. The shift in the industry is mirrored by regulatory bodies enforcing cybersecurity measures across the board. As the standards for cybersecurity grow, fuzz testing has emerged as a powerful tool that helps manufacturers meet cybersecurity demands.

Traditional fuzz testing methods are often labor-intensive and struggle to keep pace with modern vehicles’ intricate software structures. Fortunately, cybersecurity testing technology has evolved in the past years. Advanced fuzzing techniques, like smart and automated fuzzing, are transforming automotive cybersecurity testing—reducing time-to-market, enhancing system resilience and overall vehicle safety, all while helping achieve regulatory compliance. This article will discuss the latest tools and technologies enabling smart automotive fuzz testing.

Overview of Fuzzing in Automotive Systems

As vehicles become more software-driven, their internal structures, consisting of millions of lines of code, are becoming exponentially more complex. That is why fuzz testing is essential for the cybersecurity evaluation of automotive systems.

Fuzz testing, or fuzzing, is a cybersecurity technique where random or unexpected data is injected into a program to discover bugs, code discrepancies, and hidden vulnerabilities. Fuzzing helps uncover zero-day vulnerabilities that traditional testing methods may miss.

Challenges of Traditional Automotive Fuzz Testing

Despite its importance, traditional fuzz testing faces several challenges in the automotive sector.

Modern software-defined vehicles contain numerous interconnected systems, such as CAN, LIN, and Ethernet networks, that communicate with various sensors and external devices. This complexity makes it difficult to comprehensively assess the resilience of all vehicle components using a traditional fuzz test, resulting in incomplete coverage of potential vulnerabilities.

In addition, traditional fuzz testing often requires a manual process of inputting random data and observing system responses. This time-intensive approach requires round-the-clock labor and can delay development timelines, especially when testing complex systems where the number of test cases increases exponentially.

Smart Automotive Fuzzing: A Game Changer

Fortunately, vehicle cyber security testing tools have progressed with time and now incorporate advanced features like smart fuzzing. Smart automotive fuzzing is an innovative approach that leverages artificial intelligence (AI) and machine learning (ML) to make fuzz testing more efficient. This type of advanced testing uses data-driven methods to generate more targeted inputs, mixing and inputting test cases generated by multiple algorithms. This significantly improves test coverage while reducing the time required for testing.

AI-driven fuzzing tools use feedback mechanisms to learn from previous test iterations, adapting them to focus on high-risk areas of the system. For example, smart fuzzers record the outputs from previously conducted fuzz tests and use these results for subsequent rounds of test case generation. This ensures a more comprehensive assessment of critical vulnerabilities.

For instance, AutoCrypt Security Fuzzer uses a logical test case modeler to generate logic-based semi-random inputs tailored to the system being tested. The tool automates the creation of test cases based on the protocols and specifications of the target system. This ensures that only relevant test cases are generated, drastically reducing the need for manual intervention and saving valuable time. Employing an advanced judgment logic, the testing tool continuously monitors the vehicle system to detect failed cases.

Automatic ECU Status Recovery

One of the most time-consuming aspects of traditional fuzz testing is the need for manual system recovery after a failure or crash. Smart automotive fuzzing tools address this with automatic ECU status recovery, which allows for continuous system fuzzing.

Besides saving time, this feature helps minimize manual work during vulnerability testing, which consequently reduces operating expenses for manufacturers. Once a test target is selected, there is no need for manual input until fuzzing is complete. If a vulnerability or bug is detected, the system automatically records the issue and resets back to the original ECU status, continuing the fuzz testing process. For instance, the AutoCrypt Security Fuzzer automatically issues commands like “ECU reset” or “DTC clear” to restore the system to its original state.
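The unattended loop described above (feedback-driven case generation, failure judgment, then "ECU reset" and "DTC clear" before fuzzing continues), shown as an added example that is not AutoCrypt Security Fuzzer code. The simulated ECU, its planted defect, the response-class feedback rule and all function names are assumptions made for illustration; the service identifiers are the standard UDS (ISO 14229) ones.

```python
import random

# UDS (ISO 14229) service identifiers
SID_ECU_RESET = 0x11   # sub-function 0x01 = hardReset
SID_CLEAR_DTC = 0x14   # group 0xFFFFFF = all DTCs
SID_READ_DID = 0x22    # ReadDataByIdentifier, the service under test
NEGATIVE = 0x7F        # first byte of every negative response
KNOWN_GOOD = bytes([SID_READ_DID, 0xF1, 0x90])  # valid request, also the health check


class SimulatedEcu:
    """Constructed bench ECU with a planted defect: over-long 0x22 requests hang it."""

    def __init__(self):
        self.hung = False
        self.dtcs = []

    def request(self, payload):
        """Return the response bytes, or None when the ECU does not answer (timeout)."""
        sid = payload[0]
        if sid == SID_ECU_RESET and payload[1:] == b"\x01":
            self.hung = False  # assumption: the hung ECU still honours a reset
            return bytes([sid + 0x40, 0x01])
        if self.hung:
            return None
        if sid == SID_CLEAR_DTC and payload[1:] == b"\xff\xff\xff":
            self.dtcs.clear()
            return bytes([sid + 0x40])
        if sid == SID_READ_DID and len(payload) == 3:
            return bytes([sid + 0x40]) + payload[1:] + b"\x00"
        if sid == SID_READ_DID and len(payload) > 8:
            self.hung = True                      # planted defect (constructed)
            self.dtcs.append("constructed-dtc")
            return None
        if sid == SID_READ_DID:
            return bytes([NEGATIVE, sid, 0x13])   # incorrectMessageLengthOrInvalidFormat
        return bytes([NEGATIVE, sid, 0x11])       # serviceNotSupported


def mutate(seed, rng):
    """Protocol-aware mutation: byte 0 (the SID) is never changed."""
    data = bytearray(seed)
    op = rng.choice(("flip", "grow", "trim"))
    if op == "grow":
        data += bytes(rng.randrange(256) for _ in range(rng.randint(1, 8)))
    elif len(data) > 1:
        if op == "flip":
            data[rng.randrange(1, len(data))] = rng.randrange(256)
        else:
            del data[-1]
    return bytes(data)


def recover(ecu):
    """ECU reset, then DTC clear, then confirm the ECU answers a known-good request."""
    ecu.request(bytes([SID_ECU_RESET, 0x01]))
    ecu.request(bytes([SID_CLEAR_DTC, 0xFF, 0xFF, 0xFF]))
    health = ecu.request(KNOWN_GOOD)
    return health is not None and health[0] == SID_READ_DID + 0x40


def fuzz(ecu, iterations=300, seed=1):
    """Run unattended; return (failed cases, corpus, iterations executed)."""
    rng = random.Random(seed)
    corpus, seen, failures, executed = [KNOWN_GOOD], set(), [], 0
    for _ in range(iterations):
        case = mutate(rng.choice(corpus), rng)
        response = ecu.request(case)
        executed += 1
        if response is None:             # judgment: no answer counts as a failed case
            failures.append(case)        # record the issue ...
            if not recover(ecu):         # ... restore the original ECU state ...
                break                    # (stop only if the target cannot be restored)
            continue                     # ... and keep fuzzing without manual input
        # Feedback: a response class not seen before makes this case a new seed.
        kind = (response[0], response[2] if response[0] == NEGATIVE else len(response))
        if kind not in seen:
            seen.add(kind)
            corpus.append(case)
    return failures, corpus, executed


if __name__ == "__main__":
    target = SimulatedEcu()
    failed, seeds, runs = fuzz(target)
    print(f"{runs} cases run, {len(failed)} failures recorded, {len(seeds)} seeds in corpus")
    if failed:
        print("shortest failing case:", min(failed, key=len).hex(" "))
```

On real hardware a hung ECU may not answer a diagnostic reset at all, so a bench setup usually needs a fallback such as switching the supply through a relay when `recover` returns False.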

Impact on Cybersecurity Testing and Regulatory Compliance

Employing smart automotive fuzzing tools accelerates and automates vehicle testing while maintaining thorough coverage of all components and ensuring comprehensive cyber security testing for regulatory compliance.

The ISO/SAE 21434 standard, for example, emphasizes the need for OEMs to integrate fuzz testing into their DevOps processes to ensure vehicle software security integrity. By automating fuzz testing, manufacturers can cover a wider range of potential vulnerabilities and comprehensively test the system against threats with minimal downtime.

While UN R155 regulation does not specifically mandate vehicle fuzz testing, it emphasizes the importance of ensuring robust cybersecurity measures across vehicle software and embedded systems by requiring an automotive cybersecurity management system (CSMS).

To meet these requirements, OEMs and their suppliers must show that they have implemented rigorous risk assessment methods for uncovering vulnerabilities, which often includes fuzz testing as a practical approach. By using fuzz testing to stress-test vehicle components and communication protocols, manufacturers can better demonstrate that they have mitigated potential security risks in line with UN R155 guidelines.

Automated fuzzing provides a robust feedback mechanism that allows engineers to detect and address security gaps early in the development cycle. By doing so, manufacturers can improve vehicle safety while reducing the overall cost and complexity of software development.


Smart and automated fuzzing tools are revolutionizing the way manufacturers test and secure vehicle systems, making the process faster and more efficient. With innovations like AI-driven fuzzing and automatic ECU recovery, smart fuzz testing helps close security gaps while speeding up time-to-market.

Incorporating smart automotive fuzz testing into the development pipeline not only improves security but also ensures compliance with emerging regulations, making it a critical tool for the future of automotive cybersecurity. By embracing these advanced techniques, manufacturers can protect their vehicles—and their customers—against evolving cyber threats.

To see the AutoCrypt Security Fuzzer in action, request a free trial license.

To learn more about AUTOCRYPT’s vehicle cybersecurity testing measures and cybersecurity regulation compliance consulting services, contact global@autocrypt.io.

Misbehavior Detection for the V2X Communication Ecosystem

The Vehicle-to-Everything (V2X) ecosystem runs on a secure, decentralized certification system utilizing public key infrastructure (PKI) technology. Standardized as the Security Credential Management System (SCMS), the system ensures that every V2X end entity is given a unique set of digital certificates, generated and distributed by multiple layers of independent certification authorities (CA). These V2X end entities, including the onboard units (OBU) installed in vehicles and the roadside units (RSU) connected to points of road infrastructure, use their private key to sign off messages sealed with their certificates.

Such a PKI framework ensures trust in V2X communication by validating messages’ authenticity and integrity. “Authenticity” implies that the message’s sender is truly who they claim to be, while “integrity” signifies that the message has not been altered during transmission.

 

Message accuracy: the limitation of PKI

Although the PKI guarantees end-to-end security for all V2X communications, it does not exert control beyond the communication endpoints. Because of this limitation, the PKI cannot validate the content of messages, such as whether a message contains accurate information about the vehicle and its environment. For instance, if a car is broadcasting a V2X message stating that it is traveling at 60 km/h while it is in fact traveling at 80 km/h, detecting this discrepancy is beyond the PKI’s capability. Given that vehicles rely on these V2X messages to make decisions on the road, it is crucial to ensure that all information is accurate.

There are a couple of potential reasons behind an inaccurate V2X message. The first involves a hacked vehicle. A malicious road user might hack into their vehicle to purposefully create false or misleading messages in order to cause changes in traffic in their favor. An external hacker could also do so to manipulate traffic. Although hacking into a vehicle is extremely difficult to accomplish given the sophisticated security measures, it does pose a potential risk to the V2X ecosystem.

Another factor that could lead to an inaccurate message is a malfunction in a vehicle’s internal systems that results in incorrect signals being given to its OBU. Although no malicious actions are involved, it is still considered misbehavior and poses a threat to its surrounding environment.

 

The need for misbehavior detection for V2X

To minimize the risk of false messages, a misbehavior detection mechanism needs to be implemented in the SCMS ecosystem so that potentially malicious users can be removed from the V2X ecosystem immediately.

How is this done? AUTOCRYPT’s misbehavior detection solution, AutoCrypt® MBD, is deployed in both the end entity and the PKI server. The LMBD (local MBD) is embedded in the OBUs, screening all incoming messages for anomalies. The GMBD (global MBD), situated in the SCMS server, receives the list of flagged certificates from the LMBD, allowing the misbehavior authority (MA) to review and revoke the respective certificates. Once a certificate is revoked, it is added to the certificate revocation list (CRL) and distributed back to the LMBD so that the certificate is no longer recognized in the V2X ecosystem.

 


 

Although there has been no universal standard or agreement on what constitutes misbehavior, some common signs of misbehavior include:

  • Attempting to use expired or invalid certificates
  • Mismatched signature (private key)
  • Unintelligible data (time, location, speed, et cetera)

AutoCrypt® MBD periodically updates its list of misbehaviors to address the latest threats, adding a final layer of security for the V2X ecosystem.
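The local screening step described above, as an added example that is not AutoCrypt® MBD code: PKI checks first (expired certificate, signature mismatch), then content checks the PKI cannot make, including the 60 km/h versus 80 km/h case from earlier. The message fields, thresholds and reason names are assumptions, the sample messages are constructed, and signature verification is assumed to have been done by the V2X stack and passed in as a boolean.

```python
import math
from dataclasses import dataclass

MAX_PLAUSIBLE_SPEED_KMH = 250.0  # assumed upper bound for a road vehicle
SPEED_TOLERANCE_KMH = 10.0       # assumed allowance for sensor and timing noise


@dataclass
class V2XMessage:
    cert_id: str           # identifier of the sender's certificate
    cert_not_after: float  # certificate expiry, seconds
    signature_ok: bool     # result of signature verification by the V2X stack
    timestamp: float       # generation time, seconds
    x_m: float             # position on a local metric grid
    y_m: float
    speed_kmh: float       # speed the sender claims


class LocalMBD:
    def __init__(self):
        self.last_seen = {}  # cert_id -> previous authenticated message
        self.flagged = {}    # cert_id -> set of reasons, reported to the GMBD
        self.crl = set()     # revoked cert_ids distributed back from the SCMS

    def check(self, msg):
        """Return the misbehavior reasons for one incoming message ([] if clean)."""
        if msg.cert_id in self.crl:
            return ["revoked_certificate"]  # no longer recognized: drop
        reasons = []
        if msg.timestamp > msg.cert_not_after:
            reasons.append("expired_certificate")
        if not msg.signature_ok:
            reasons.append("signature_mismatch")
        if not reasons:  # content is only judged once the message is authenticated
            reasons = self._check_content(msg)
        if reasons:
            self.flagged.setdefault(msg.cert_id, set()).update(reasons)
        return reasons

    def _check_content(self, msg):
        values = (msg.timestamp, msg.x_m, msg.y_m, msg.speed_kmh)
        if not all(math.isfinite(v) for v in values):
            return ["implausible_value"]
        if not 0.0 <= msg.speed_kmh <= MAX_PLAUSIBLE_SPEED_KMH:
            return ["implausible_value"]
        prev = self.last_seen.get(msg.cert_id)
        self.last_seen[msg.cert_id] = msg
        if prev is None:
            return []
        dt = msg.timestamp - prev.timestamp
        if dt <= 0:
            return ["implausible_value"]  # time standing still or running backwards
        # Speed implied by the distance covered since the previous message.
        implied = math.hypot(msg.x_m - prev.x_m, msg.y_m - prev.y_m) / dt * 3.6
        if abs(implied - msg.speed_kmh) > SPEED_TOLERANCE_KMH:
            return ["speed_position_mismatch"]
        return []

    def report(self):
        """Flagged certificates and reasons, as sent to the GMBD for review."""
        return {cid: sorted(r) for cid, r in sorted(self.flagged.items())}


# Constructed sample traffic: one message per line, one second apart.
SAMPLE = [
    V2XMessage("cert-A", 1000.0, True, 0.0, 0.0, 0.0, 60.0),
    V2XMessage("cert-B", 1000.0, True, 0.0, 0.0, 50.0, 60.0),
    V2XMessage("cert-A", 1000.0, True, 1.0, 16.7, 0.0, 60.0),   # 16.7 m/s = 60 km/h
    V2XMessage("cert-B", 1000.0, True, 1.0, 22.2, 50.0, 60.0),  # moves at 80, claims 60
    V2XMessage("cert-C", 0.5, True, 1.0, 5.0, 5.0, 30.0),       # certificate expired
    V2XMessage("cert-D", 1000.0, False, 1.0, 9.0, 9.0, 40.0),   # signature mismatch
    V2XMessage("cert-E", 1000.0, True, 1.0, 0.0, 0.0, 900.0),   # unintelligible speed
]


def run_sample():
    mbd = LocalMBD()
    for message in SAMPLE:
        mbd.check(message)
    return mbd


if __name__ == "__main__":
    for cert, why in run_sample().report().items():
        print(cert, why)
```

Because V2X end entities hold a set of certificates, the speed consistency check here only links messages signed under the same certificate.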

To learn more about AUTOCRYPT’s secure V2X solutions and services for C-ITS, check out Secure V2X Communications.

EV Charging: Balancing Battery Health, Charging Time, and Range

Electrify America, one of the largest charge point operators in the US, recently announced a new electric vehicle (EV) charging policy to curb charge hogging. The company stated that they will start penalizing customers who charge their vehicles beyond 85% at Electrify America fast chargers. According to the CEO’s statement, charging will stop at 85 percent, and if drivers don’t unplug their EVs within a 10-minute grace period, they’ll be billed extra for idle time. 

The response to the new policy has been divergent, with some arguing that the policy will help resolve crowding at charging stations, and others questioning whether it is okay for a company to ration battery power. Regardless of the public perception of the news, we would like to discuss some charging best practices outlined for EV owners.  

The 20/80 rule  

The general rule of thumb for EV charging is to keep the vehicle’s energy levels in the 20-80% range. While this is not a strict requirement, there are several reasons why this range has become standard practice: 

EV Battery Health 

Keeping the vehicle energy levels in the 20-80 percent range is considered the most optimal for battery health. This is a safe range that ensures that the battery operates in balanced conditions. Going beyond this range may put extra strain on the EV battery, which is fine occasionally, but has negative effects on battery performance if done consistently.  

Charging Time Efficiency 

Realistically speaking, charging up from 80% to 100% will take around the same time, if not more, than getting to that first 80% mark. This is because the rate at which an EV battery charges is not uniform: charging speed slows down significantly as you pass the 80% threshold. So, charging until 80% is simply more time-efficient.

Range 

While there aren’t any immediate performance issues associated with charging over 80%, dipping below 20% may not be wise in a practical sense. Imagine you are driving to a destination with 45% of your battery capacity. Navigation says you will need about 35% of your battery to get to your destination. But navigation calculations may not always be correct, sometimes underestimating the amount of energy needed to make it from point A to point B, especially because energy consumption also depends on driving and weather conditions. So, to avoid range anxiety it is often recommended to keep vehicle battery levels above 20%. Once again, occasional deviations are totally fine.  

While widespread, the 20/80 rule is a rule of thumb. Therefore, it is always advised to follow the guidelines of your respective vehicle manufacturer regarding charging best practices. After all, different vehicles function differently and the manufacturers that created the vehicle will indeed know best.  

Going beyond the recommended battery level range on occasion should not alter battery performance. So, if you have a long road trip planned do not fret about fully charging your battery. EV batteries are sophisticated pieces of hardware designed to withstand various conditions. However, be aware that subjecting the battery to constant strain by frequently keeping energy levels above 80 or below 20 may speed up the battery wear and tear process, which means that you may need a repair or a replacement earlier than anticipated. 


All in all, electric vehicles and their batteries need to be treated with appropriate care to ensure longevity and optimal performance.  

To keep informed on the latest developments in mobility tech subscribe to AUTOCRYPT’s monthly newsletter. 

Enhancing Public Charging Stations with Plug & Charge

ISO 15118 – a seemingly obscure collection of letters and numbers – signifies one of the most progressive standards in electric vehicle (EV) charging. The ISO 15118 standard, formally known as “Road Vehicles – Vehicle to Grid Communication Interface,” establishes the communication protocol between a vehicle and the charging grid. This standard laid down the foundation for Plug & Charge (PnC), a feature that establishes encrypted communication between an EV and a charging station.

While the technology has not been mandated by any government yet, many prominent charge point operators (CPO) and vehicle manufacturers are implementing it. This article will dive into how implementing Plug & Charge would elevate public charging stations to the next level, offering numerous benefits and opportunities for the industry.

Plug & Charge and Cybersecurity

With Plug & Charge the often multi-step charging process becomes as simple as plugging in your EV to the charger. The ISO 15118 protocol enables a seamless charging process where a charger can automatically identify and verify a plugged-in vehicle, authenticating the charging process and processing the payment without human intervention.

This technology requires a high level of communication between vehicles and infrastructure which may raise concerns about security. It is important to note that Plug & Charge was designed with cybersecurity at its core. The technology uses public key infrastructure (PKI) based cryptographic mechanisms to enable two-way authentication and end-to-end encryption during the charging process. By using asymmetric cryptography – a pairing of a public and private security key, neither of which can be decrypted without the other – the charging station is able to verify an EV’s identity and vice versa. This level of encryption guarantees confidentiality in every exchange, creating a secure environment for EV drivers to charge their vehicles without worrying about cyber attacks or data breaches.

Improved User Experience

Plug & Charge significantly improves user experience by making the entire charging process seamless. EV owners set up their payment and authentication information during vehicle purchase and this information is automatically communicated to the charger when the car is plugged in.

In the modern world, where hassle-free is king, public charging stations can generate a lot of value by implementing the technology. Considering how charging is one of the biggest obstacles to EV adoption rates, improving charging experience is one of the sure ways to aid adoption.

According to a survey conducted by BCG, EV drivers ranked charger reliability, charging time, and ease of use among their top priorities when charging in public. Charging stations that implement Plug & Charge to enhance performance on these metrics will improve their competitiveness, simultaneously raising the overall standard for public charging user experience.

Path Toward V2G Implementation

Apart from instant benefits, implementing Plug & Charge creates a foundation for further technological improvements. Most importantly, it paves the way for Vehicle-to-Grid (V2G) implementation. ISO 15118 is designed for vehicle-to-grid communications and grid optimization. Integrating Plug & Charge in public charging stations will equip the infrastructure with the necessary technology for smart charging applications.

Why is this important? The smart charging mechanism in ISO 15118 allows for sustainable management of energy supplied through the grid. It does that by matching the grid’s capacity with the energy demand of electric vehicles plugged in to the grid. This optimization allows vehicles to charge during periods of high energy availability or when overall electricity usage is low, reducing strain on the electricity grid and promoting sustainable energy usage. The benefits of this technology will only grow as EV adoption rates rise with time.

Another feature outlined in ISO 15118 is bi-directional charging, which allows vehicles to receive and supply energy from and back to the grid. This benefits both the grid and EV owners. On the grid side, electric vehicles can serve as mobile energy storage units that supply electricity back to the grid during periods of high demand. On the customer-side, it offers EV owners a chance to earn extra cash or energy credits by selling electricity back to the grid. Bi-directional charging creates a symbiotic relationship between the electricity grid and electric vehicles, helping maintain balance and energy efficiency.


Implementing Plug & Charge in public charging stations presents a significant opportunity to enhance the EV charging experience. A high level of cybersecurity, a seamless charging process, and readiness for V2G integration make Plug & Charge a valuable investment.

As a trusted PnC implementation partner, Autocrypt worked closely with various CPOs and OEMs to deploy secure PnC. Recently, Autocrypt joined forces with Emobi, a US-based e-mobility hub, to launch the first US-based PnC ecosystem.

As the demand for EVs continues to grow, the adoption of standards like ISO 15118 and features like Plug & Charge will be crucial in supporting the sustainable and efficient expansion of EV infrastructure.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

Revolutionizing EV Charging: Emobi and Autocrypt Unveil First US-based Plug & Charge Ecosystem Powered with AI

SAN FRANCISCO, July 8, 2024 — Emobi and Autocrypt today announced the first US-based Plug & Charge ecosystem, set to revolutionize electric vehicle (EV) charging with artificial intelligence (AI).

In June 2023, Autocrypt, a global leader in automotive cybersecurity, partnered with Emobi, a US-based e-mobility hub, to develop a secure communication framework for EVs and charging stations based on ISO 15118-2 and ISO 15118-20 standards. The collaboration has focused on building a robust Public Key Infrastructure (PKI) utilizing fine-tuned AI and machine learning models to address errors and data inconsistencies prevalent in traditional Plug & Charge systems.

The Plug & Charge ecosystem enables EV drivers to start charging at any station simply by plugging in their vehicle. Through asymmetric encryption technology, the chargers automatically identify the EV and securely process the payment of the EV charging session. Unlike other Plug & Charge services, this is the first Plug & Charge ecosystem headquartered in the United States, ensuring data security and compliance with the US government. Additionally, it features an intelligent error-handling system that addresses edge cases in ISO 15118 standards, setting a new benchmark for the industry.

Throughout this collaboration, Emobi has worked closely with the U.S. Department of Energy (DOE) Argonne National Laboratory to ensure that findings from this ecosystem contribute to the National Charging Experience (ChargeX) Consortium, funded by the Joint Office of Energy and Transportation of the United States.

“Security in EV charging infrastructure enhances openness while providing better control,” said Sean HJ Cho, President of Autocrypt North America. “By combining our PKI technology with Emobi’s expertise in AI and machine learning, we are bringing a secure yet innovative Plug & Charge solution to market, creating an unrestricted charging environment that ensures convenience, precision, and security throughout the entire charging and payment processes.”

Lin Sun Fa, CEO of Emobi, added, “The focus is to enable EV automakers, charger operators, and e-mobility service providers to continue building their products without being hindered by edge cases and constantly evolving standards. We are leveraging AI and Autocrypt’s PKI technology within the existing ISO 15118 standards, ensuring ease of implementation while improving charging infrastructure quality and security.”

About Autocrypt Co., Ltd.

AUTOCRYPT is the industry leader in automotive cybersecurity and connected mobility technologies. The company specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and mobility platforms, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides consulting and testing services along with custom solutions for UN R155/156 and ISO/SAE 21434 compliance.

About Emobi

EMOBI is the EV charging ecosystem that powers hundreds of e-mobility businesses with AI. The ecosystem offers instantaneous access to a vast network of EV charging networks and e-mobility partners, while ensuring superior data quality through its refinement models. With over 120,000 connected charging ports in the United States and Canada, Emobi has established itself as the largest roaming hub in North America powered with AI. In addition, Emobi has garnered trust in the e-mobility market, advising leading EV manufacturers, e-mobility enterprises, startups, utilities, and esteemed U.S. Government Agencies like the Department of Energy (DoE) and the Department of Transportation (DoT).

High-Precision V2X Positioning: Why Centimeter-Level Accuracy Matters

In the rapidly advancing field of automotive technology, Vehicle-to-Everything (V2X) communication is becoming a cornerstone for future transportation systems. A fundamental element in V2X is positioning, which involves recognizing a vehicle’s absolute and relative positions concerning other surrounding objects. This article delves into why achieving high-precision positioning is crucial in V2X communication, the technologies enabling centimeter-level accuracy, some applications that benefit from such precision, and technology development considerations.

Importance of Achieving High-Precision Positioning in V2X Communication

The value proposition of V2X technology lies in road safety and road-traffic optimization. While the technology has come a long way, there is still some room for growth. To maximize the benefits of V2X, the technology must achieve high-precision positioning.

One of the most proposed use cases of V2X, autonomous driving, requires a very high level of positioning accuracy because even minor errors can lead to fatal accidents. The goal of the industry is to provide precise and reliable positioning that ensures that autonomous vehicles can navigate safely and efficiently at any time in any environment.

Technologies Enabling Centimeter-Level Accuracy

Common positioning technology like Global Navigation Satellite System (GNSS) is already widely used in V2X positioning. While GNSS is exceptional at pin-pointing a car’s location in an open landscape, it is not suitable for congested urban environments with tall buildings and tunnels, where signal blockages often occur. Therefore, supplementing GNSS or employing more sophisticated technology is a crucial step to ensuring high-accuracy positioning in V2X.

Several technologies contribute to achieving centimeter-level positioning accuracy:

Cellular Positioning uses the cellular network to exchange dedicated positioning signals. Cellular networks offer more precise positioning than GNSS but are limited by geographical coverage.

Inertial Navigation System (INS) uses motion sensors and computational units to continuously calculate the vehicle position relative to its corresponding initial position. The major pro is that INS is not dependent on any external information. However, the system performance degrades with time due to the accumulation of measurement errors at each calculation.

Sensors and HD Maps can achieve centimeter-level positioning but are costly and require significant computational power. Sensors offer detailed information about vehicle surroundings but they may malfunction or be disrupted by cyber attacks, meaning that sensors are not always reliable. On the other hand, HD maps offer high-precision positioning and a 360-view of the road, however, the performance is highly contingent on the quality of map data. Furthermore, HD maps perform well only if the physical environment remains unchanged, which is not realistic in growing and ever-changing urban environments.

Each positioning method has its pros and cons. The good news is that they can supplement each other’s weaknesses and offer multiplied benefits, suggesting that a hybrid approach may be ideal. Hybrid Data Fusion Method of Positioning combines data from multiple sources, such as GNSS, INS, cellular networks, and HD maps, to improve positioning performance in V2X applications. By merging data collected from various sources, the final positioning result is more refined, accurate, and reliable than what could be achieved using any single method.

Applications Benefiting from High-Precision Positioning

While not all V2X applications will require high-precision positioning, several V2X use cases significantly benefit from centimeter-level positioning.

High-precision positioning is essential for autonomous driving as it enables vehicles to navigate safely and efficiently in complex road scenarios, maintaining their lane and avoiding obstacles.

In addition, accurate positioning is crucial for systems designed to prevent collisions by alerting drivers to potential hazards in real-time. Anti-collision warnings require robust high-precision positioning, since vehicles need to be able to identify dangers even in the most chaotic and unexpected road conditions.

High-precision positioning is also extremely beneficial for more mundane uses of V2X technology like parking assistance. Systems that assist with parking rely on precise positioning to maneuver vehicles into tight spaces, helping drivers avoid accidents in crowded parking lots.

V2X Technology Development Considerations

There are 2 main requirements and considerations that need to be accounted for in order to achieve consistent, stable, and accurate positioning at all times.

Variable Accuracy Requirements: Different use cases require different levels of accuracy. For example, a pre-crash warning system needs more accurate positioning than a congestion alert. This means that not every positioning technique will be able to meet the demands of every application. Therefore, a larger number of technologies needs to be developed to ensure the required positioning accuracy for more sophisticated V2X use cases.

Cost Considerations: A number of technologies offering centimeter-level positioning, such as sensors and HD maps, require large computational power as well as advanced and expensive technology. At the current stage, one set of technology would not provide sufficient accuracy for more advanced V2X applications. Hence, implementing and maintaining multi-level systems capable of achieving exceptional positioning accuracy may need a sizable investment at the initial stages of technological advancement. However, as the technology matures, the costs will naturally decrease. In addition, the expected benefits of V2X technology, like increased traffic efficiency and reduced road accidents, will generate substantial cost savings down the line.

As the automotive industry advances towards greater automation and connectivity, the importance of high-precision V2X positioning becomes increasingly evident. Centimeter-level accuracy is essential for ensuring the safety, efficiency, and reliability of advanced V2X applications. By leveraging and combining advanced positioning techniques, the industry can achieve the level of precision needed to fully realize the potential of V2X. This progress will pave the way for a safer, smarter, and more connected transportation system.

To stay informed and updated on the latest news about AUTOCRYPT and vehicle-to-everything technology, subscribe to AUTOCRYPT’s newsletter.