AUTOCRYPT, Author at AUTOCRYPT

14 September, 2023 . 6 mins read

Risk Assessment for UN R155: A Closer Look at Vehicle Fuzzing

Have you ever wondered how vehicle manufacturers secure vehicles from cyber threats? The cybersecurity implementation process starts way before the vehicle hits the road and encounters any threats. During the manufacturing process, security experts hack the vehicle’s system to uncover any bugs and vulnerabilities that may be present in the embedded code. There are many different ways of doing that. One of them is called fuzzing. Fuzzing is a software risk assessment method that involves overflowing the system with random inputs to uncover bugs and vulnerabilities that are difficult to find through other testing methods. Fuzzing is done to test the vehicle’s software during the development process to make sure that the software is reliable and can be released to consumers.

Why do we need vehicle fuzzing?

In the automotive industry, original equipment manufacturers (OEMs) face regulatory obligations to address vehicle security risks. Compliance with UNECE WP.29 Regulation No. 155 (UN R155) requires vehicle manufacturers to implement an automotive cybersecurity management system (CSMS) to verify appropriate security measures in vehicle architecture. Here, the security measures signify comprehensive risk assessment, risk management, and mitigation procedures.

During the type approval process, manufacturers must verify the sufficiency of cybersecurity measures by demonstrating their risk identification and testing practices. Here is where fuzzing comes in.

Fuzzing is a technique for detecting software vulnerabilities by inputting intentionally invalid and unexpected data into the selected program with the intention to crash it. Doing this helps detect bugs and vulnerabilities in the software that may have not been found otherwise. Vehicle fuzzing can be viewed as an essential and comprehensive way to test if the system functions correctly, thereby verifying the sufficiency of security measures.

Functional testing and penetration testing, among others, can also be used to verify the sufficiency of cybersecurity measures for UN R155 approval. According to the regulation, OEMs not only have to disclose the results of these tests but also keep testing procedures up to date.

Who is responsible for fuzzing?

Even though vehicle manufacturers are responsible for the regulatory type approval, cybersecurity regulations are aimed at the entire automotive industry. So, fuzzing does not have to be done exclusively by the vehicle manufacturer. Tier 1 suppliers and software providers are often asked to provide fuzzing results for their software as well. Moreover, third-party white hat hackers conduct fuzzing along with penetration testing on vehicles and report any newly found vulnerabilities to the manufacturers to receive a bounty. This type of third-party fuzzing is becoming a common practice in the industry, allowing for a wider pool of cybersecurity experts to participate in strengthening vehicle cybersecurity.

Types of vehicle fuzzing

In fact, members of the AUTOCRYPT Red Team have won a major OEM’s bounty for discovering several vehicle vulnerabilities after independently conducting fuzz tests. This type of independent fuzz testing is called a black box test. In other words, a black box fuzz test defines a test where testers have no knowledge of the internal structure of the software, and perform tests by using only publicly available information. Led by award-winning ethical hacker Dr. Jonghyuk Song, AUTOCRYPT Red Team is known for its innovative approaches in black box fuzzing on CAN and IP protocols.

Other types of fuzz tests include gray box and white box fuzzing. During the gray box fuzz test hackers have no knowledge of the internal structure of the software, but some non-publicly available information is shared with them in advance. Gray box testing is one of the most commonly practiced fuzz tests in the industry. White box fuzzing is the most open type, where ethical hackers have access to the complete internal structure of the software.

The difference in the amount of information in each of the fuzzing types affects how the fuzzing test will be performed.

Performing vehicle fuzzing

The first step in the vehicle fuzzing process would be to choose the testing target device. Fuzzing is aimed at testing the software operations of a specific device in a vehicle and modern-day software-defined vehicles have no shortage of devices that need to be tested for potential bugs and vulnerabilities.

The next step is test case generation, which is when the intentional software overflow happens. The fuzzer generates random invalid inputs in the target device code to detect abnormalities. The intentional software “attack” happens during the test case delivery stage.

If the test is successful and the fuzzer detects an abnormality, the tool ceases operation. This happens because software overflow induces a system crash. Detected bugs are then reported and fuzzing has to be restarted to continue testing. The crash and restart process can make vehicle fuzzing a rather time-consuming endeavor. However, more advanced fuzzing solutions can automate operations to significantly reduce testing time.

For instance, AutoCrypt Security Fuzzer records the behaviors from the fuzzing target after a successful round of testing and automatically moves back to the second stage of test case generation. The results of the preceding tests are used to generate semi-random inputs using machine learning-based algorithms, greatly reducing fuzzing time while increasing the likelihood of bug detection. On top of that, if the Security Fuzzer causes a crash, it reproduces the same series of inputs based on the delivery history. Reproducing the test case allows for the replication of the test scenario, helping developers pinpoint the problems in the software. This algorithm-based smart fuzzing process allows for more precise and time-efficient testing.

Fuzzing is unique to its counterparts in that it can help uncover vulnerabilities that were previously unknown and help protect vehicle systems from zero-day attacks. Its special ability to detect unprecedented software issues makes it essential for vulnerability testing and risk assessment for UN R155. While complex and time-consuming, a fuzz test can be viewed as a health check-up that gives you an insight into how the systems are performing when there are no apparent symptoms present. When paired with other cybersecurity measures like penetration testing, a fuzz test can generate a holistic picture of in-vehicle systems operations and cybersecurity measure robustness.

To learn more about AUTOCRYPT’s vehicle cybersecurity testing measures and cybersecurity regulation compliance consulting services, contact global@autocrypt.io.

5 September, 2023 . 3 mins read

AutoCrypt Security Fuzzer Expands Vehicle Fuzzing Capabilities Through Major Upgrade

SEOUL, KOREA, September 5, 2023 — Automotive cybersecurity and mobility solutions company AUTOCRYPT released a major upgrade to its automotive fuzzing software—AutoCrypt Security Fuzzer. The upgrade (version 2.0) enables a much wider testing range and greater automation, allowing automotive OEMs to benefit from a more simplified and efficient fuzzing process for UN R155 (WP.29) compliance.

AutoCrypt Security Fuzzer was first released in December 2021. As the world’s first fuzzing solution for the vehicular environment, its fuzzing algorithms were built based on the structures of Unified Diagnostic Services (UDS), the communication protocol used in electronic control units (ECU). Version 2.0 expands the testing range beyond ECUs to include other protocols like the Controller Area Network (CAN), Wi-Fi, Bluetooth Low Energy (BLE), and most importantly, the Ethernet, which is a crucial component of software-defined vehicles. The v2.0 platform also allows new protocols to be added through software updates.

Offered through an intuitive UI, AutoCrypt Security Fuzzer v2.0 greatly improves the user experience. Yet, its biggest differentiation point is its smart fuzzing capabilities. It accurately identifies the functions and technical specifications of each test target and generates test cases based on these characteristics, ensuring that only relevant test cases are input into the program. Moreover, testing can be assigned at a project level, allowing for continuous testing for multiple ECUs. Even if an unexpected interruption occurs, the fuzzing process will continue based on its automation algorithms. All these features make AutoCrypt Security Fuzzer exceptionally efficient and easy to use.

AUTOCRYPT’s CEO, Daniel ES Kim, emphasized the importance of fuzz testing for vehicle production, “Fuzz testing is not just an effective way to identify software vulnerabilities at an early stage, but a necessary process to receive vehicle type approval as mandated by UN R155.” Regarding AutoCrypt Security Fuzzer, he added, “We developed the solution specifically for the automotive industry. It offers diagnostics services and NRC support features based on ISO 14229. It also provides support for all ISO-TP specifications as defined in ISO 15765.”

AutoCrypt Security Fuzzer is a component of AUTOCRYPT’s in-vehicle systems (IVS) security solution, an end-to-end automotive cybersecurity solution that secures all stages of the vehicle lifecycle, offering a wide range of products and services from TARA and security testing to the intrusion detection and prevention system (IDPS) and vehicle security operations center (vSOC). To learn more about AUTOCRYPT’s IVS solution, contact global@autocrypt.io.

ABOUT AUTOCRYPT

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and processes for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem. AUTOCRYPT also provides management and service platforms for the operators and end users of e-mobility and MaaS, contributing to sustainable and universal mobility.

9 August, 2023 . 7 mins read

From Seoul to London: How Cities Customize Public Transport Payment

Public transportation is a cornerstone of modern urban living, offering convenience, efficiency, and sustainability for commuters worldwide. As cities continue to expand and mobility becomes more critical than ever, public transport payment methods have evolved significantly, incorporating more user-friendly features. From contactless smart cards to integrated mobile apps, we will explore how cities have revolutionized public transport payment to cater to the diverse needs of their residents and visitors.

Seoul, South Korea – Seamless commuting experience

Seoul, the dynamic capital of South Korea, is renowned for its high-tech public transportation system that bridges its vast urban landscape. The public transport system in Seoul is closely interconnected. Many of the subway and bus routes cross the city border, seamlessly linking Seoul to its surrounding suburban regions. Over a million people commute to Seoul from nearby regions like Incheon and Gyeonggi Province on a daily basis. These commutes often entail multiple transfers between subway lines or from subway to buses. To accommodate such an interconnected system, a common payment method that allows for convenient cross-city travel and smooth transfers is a must for a city like Seoul.

To ensure a seamless travel experience for passengers Seoul’s public transport authorities have incorporated a contactless payment system. Diversification of payment options creates additional convenience for users. In Seoul, you can use regular contactless-enabled bank cards, rechargeable T-money public transport cards, and single-use tickets to pay for your rides. The contactless payment system also supports alternative digital payments like the T-money mobile app and Samsung Pay.

Using a personal credit card for public transport is reserved for locals who can get a public transport payment-enabled card at Korean banks. T-money cards, on the other hand, are available to everyone. The T-money card functions as a rechargeable card that passengers can easily top up at various locations, such as through the mobile app, at subway stations, and convenience stores. Beyond its use in public transportation, the T-money card extends its service to payments at vending machines and convenience stores.

One of the key strengths of Seoul’s contactless payment system lies in its seamless integration across various modes of transportation. Whether taking the subway, hopping on a bus, renting a bike, or catching a taxi, commuters can utilize the same card for all their travel needs. The payment system also accounts for multi-modal commutes, offering discounts for transfers completed within 30 minutes from the previous ride. This integration minimizes the hassle of juggling multiple payment methods and encourages the use of public transport for travel in and outside of the city. The same contactless payment methods can also be used nationwide, making public transport payment universally convenient across South Korea.

London, United Kingdom – Convenience for locals and tourists

As one of the world’s largest cities, London boasts an extensive and intricate public transport network comprised of the underground, iconic two-decker buses, and railways. On top of having a multi-million population, the city welcomes millions of tourists from all over the world every year. London’s public transport system helps all of these people navigate the city on a daily basis.

London’s public transport payment system is renowned for its flexibility. The system operates on a contactless basis on virtually all public transit in London, including buses, underground, overground, Docklands Light Railway (DLR), and most national rail services in the city. Users can pay for their rides with whatever payment method is the most convenient for them.

Passengers can use contactless credit or debit cards, as well as mobile payment options like Apple Pay, Samsung Pay, and Google Pay. London’s mass transit system also offers its own contactless Oyster card that is used as a rechargeable smart card. Users can top up their cards with credit to travel across the city effortlessly. To cater to tourists, the city offers Visitor Oyster cards that offer discounts on London’s popular attractions. The British capital’s public transport payment system’s flexibility caters to the needs of both residents and international travelers, offering users a wide variety of payment options to choose from.

One notable feature of London’s transport payment system is fare capping. The amount passengers pay for their daily or weekly travels is capped at a predetermined limit, equivalent to the cost of a pre-paid day/week travel card. Fare capping ensures that commuters never pay more than necessary, providing financial relief for regular commuters.

London is one of the most expensive cities in the world. For a city like this, public transport payment capping helps ease the financial burden of everyday commuting. Fare capping also makes public transport a more attractive alternative to other means of transportation like cabs and private cars, which helps ease traffic congestion in a city known for its narrow alleyways.

Munich, Germany – Bridging analog and digital

Munich, a city renowned for its rich history and cultural heritage, has an efficient and reliable public transportation system operating a wide-reaching metro, trams, and buses. Payment for Munich’s public transport is done with an MVV (Münchner Verkehrs- und Tarifverbund (Munich Transport and Tariff Association))ticket, a rather traditional payment method compared to more high-tech contactless options.

The MVV ticket is a paper or electronic ticket that provides access to Munich’s extensive public transport network, including the U-Bahn (subway), S-Bahn (commuter trains), trams, and buses. Travelers can choose from various ticket options, such as single-ride tickets, stripe tickets for multiple rides, day passes, tourist cards, and weekly or monthly travel cards.

Munich’s public transport system is organized into multiple zones, and the MVV ticket fares differ across these zones. Due to the difference in fares, ticket prices are calculated according to the passenger’s journey. Multi-use tickets, like monthly and weekly pre-paid cards, also take zonal travel into account offering different ticket prices for different zones. Prior to boarding public transport passengers have to validate their tickets by stamping them in at stamping machines as there are no turnstiles on the subways performing automatic validation.

Because of Munich’s unique public transport structure, the payment system can seem rather analog. Passengers have to purchase new tickets quite frequently, which can be cumbersome. To make public transport payment more convenient for the users the city rolled out alternative ways to purchase tickets digitally. Munich has embraced mobile ticketing applications, like The MVV app, which allow travelers to purchase tickets on their phones. Some tickets can also be purchased on the MVV website. This kind of digitization implements more user-friendly practices in public transit payment while catering to the existing system’s operations.

Seoul, London, and Munich, each of these cities are unique in their public transit system operations and user demographics. Each city’s public transit authorities have successfully devised distinct payment systems that work best for them. These diverse approaches showcase how cities worldwide are leveraging technology to enhance the commuter experience. Making public transport more user-friendly is an important step in promoting sustainable transportation and reducing reliance on private vehicles.

As urbanization continues to shape the world, the lessons learned from Seoul, London, and Munich’s public transport payment systems offer valuable insights for other cities striving to create customized and user-friendly mobility solutions.

AUTOCRYPT utilizes its experience in secure fleet management and big data analytics to develop bespoke mobility platforms catering to clients’ needs. By embracing cutting-edge technologies and customer-centric approaches, AUTOCRYPT creates mobility platforms that customers want to use. Learn more about AutoCrypt® MOVE.

28 July, 2023 . 3 mins read

AUTOCRYPT and V2ROADS Sign MOU to Cooperate on Full-Stack V2X Solution

SEOUL, KOREA, July 28, 2023 — AUTOCRYPT, an industry-leading automotive cybersecurity and V2X (vehicle-to-everything) solutions company, announced a new cooperation agreement with Hungary-based V2X solutions provider V2ROADS to deliver a full-stack secure V2X solution to Europe, North America, and South Asia.

The two companies offer complementary technologies for V2X communications. V2ROADS provides V2X software products for onboard units (OBU), roadside units (RSU), and server (cloud) infrastructure, delivering turnkey V2X software and hardware solutions. AUTOCRYPT specializes in the cybersecurity aspect of V2X, establishing PKI-based message security in compliance with the Security Credential Management System (SCMS). The transcontinental cooperation seeks to integrate AUTOCRYPT’s V2X security module and Local Certificate Manager (LCM) into V2ROADS’ OBUs and RSUs, allowing these devices to securely sign and verify messages by utilizing AUTOCRYPT’s cloud-based PKI services and SCMS backend.

With the combined solution, both companies will engage with automotive OEMs and C-ITS integrators in the European, North American, and Indian markets to accelerate V2X deployment. The two companies are also in talks to work with 4G/5G mobile network operators to bring forward value-added V2X services via multi-access edge computing through their infrastructure.

AUTOCRYPT CEO, Daniel ES Kim noted that “V2X and PKI must go hand in hand. Every V2X device needs to be equipped with the necessary security library and algorithms to enable SCMS enrolment and ongoing PKI services.” Regarding this cooperation, he commented, “We are excited to work with V2ROADS to bring forward a complete V2X deployment solution with pre-validated security features, simplifying V2X implementation for OEMs and C-ITS operators.”

V2ROADS CEO, Yaroslav Domaratsky, PhD commented, “We see the growing V2X project opportunities in Europe, North America, and South Asia in the areas of vehicle and vulnerable road user (VRU) safety, traffic efficiency, and more optimal electrical and autonomous vehicle operations. We are very excited to work with AUTOCRYPT to integrate its V2X security module and LCM into our OBUs and RSUs.”

AUTOCRYPT offers one of the most comprehensive V2X security solutions in the industry. Besides providing security software for V2X end entities, its Integrated Management System (IMS) for SCMS enables operators to monitor and manage all their SCMS certificates across all regions in real time.

To learn more about AUTOCRYPT’s V2X security solutions and the cooperation, contact global@autocrypt.io

ABOUT AUTOCRYPT

AUTOCRYPT is the leading player in automotive cybersecurity and connected mobility technologies. It specializes in the development and integration of security software and processes for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem. AUTOCRYPT is a pioneer in integrating trusted execution environments (TEE) into automotive systems, for which it received ASPICE CL2 certification. The company is also accredited by WebTrust as a root CA for V2X PKI.

AUTOCRYPT also provides management and service platforms for the operators and end users of e-mobility and MaaS. By building customized platforms tailored to individual needs, AUTOCRYPT contributes to sustainable and universal mobility.

27 July, 2023 . 3 mins read

AUTOCRYPT Releases Plug&Charge Upgrade for Charging Station Management System

SEOUL, KOREA, July 27, 2023 — Automotive cybersecurity and mobility solutions provider AUTOCRYPT expanded the scope of its EV charging station management system (CSMS) through the release of “EVIQ CSMS for Plug&Charge,” an add-on that will seamlessly guide the deployment and management of Plug&Charge (PnC) operations, available for charge point operators (CPO) and e-mobility service providers (EMSP). Defined in ISO 15118 for vehicle-to-grid (V2G) communications, Plug&Charge allows vehicles and chargers to automatically authenticate one another once plugged in, enabling a fully automated charging and billing process.

Certificate management through EVIQ CSMS for Plug&Charge

Compliant with ISO 15118-2 and ISO 15118-20, EVIQ CSMS for Plug&Charge provides customers with a comprehensive set of components necessary for the adoption of PnC technology as well as the management of PnC-capable chargers. These include the establishment of a PnC server on the backend and a frontend admin dashboard for certificate key management. The PnC server is integrated into the existing server of the CPO, while the admin dashboard can be integrated into their existing CSMS frontend or AUTOCRYPT’s EVIQ CSMS dashboard.

More importantly, the PnC add-on is interoperable across multiple V2G root environments. Due to the wide variety of V2G roots used by different CPOs and EMSPs, many service operators have found it challenging to enable Plug&Charge across different vehicle models and charging stations. AUTOCRYPT facilitates this interoperability by enabling validation across multiple root certificates.

“Given the growing number of regulations in Europe and Asia mandating V2G interoperability in public charging stations, we expect Plug&Charge to become the mainstream method for EV charging and billing,” said Daniel ES Kim, CEO of AUTOCRYPT. “The growing adoption of NACS will also simplify PnC deployment across North America. We look forward to helping more operators implement and manage the technology.”

The North American Charging Standard (NACS), formerly known as the Tesla charging connector specification, is now gaining popularity across the continent after Tesla opened the technology to other OEMs in late 2022.

Offering full compatibility with NACS, AUTOCRYPT’s EVIQ lineup of EV charging-related solutions also encompasses the establishment of the PKI needed for secure PnC authentication. The company has deployed its PnC PKI for some best-selling EV models across the globe and the largest PnC charging network in South Korea.

ABOUT AUTOCRYPT

AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and processes for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem. AUTOCRYPT is a pioneer in integrating trusted execution environments (TEE) into automotive systems, for which it received ASPICE CL2 certification. The company is also accredited by WebTrust as a root CA for V2X PKI.

11 July, 2023 . 5 mins read

In-Vehicle Cybersecurity: A Closer Look at HSM and TEE

It has long been established that cybersecurity is essential to vehicle operations and needs to be implemented universally. However, it is important to note that automotive cybersecurity does not follow a one-size-fits-all approach. Different types of cybersecurity measures have their pros and cons and are more effective for certain types of vehicle architectures rather than others. While there are different types of vehicle cybersecurity measures available on the market today, this blog will discuss hardware security modules (HSM) and trusted execution environments (TEE), offering a closer look at two of the most robust vehicle cybersecurity solutions.

Why do we need in-vehicle security?

Modern vehicles have complex internal computing systems that enable superior functions like advanced driver-assistance systems (ADAS), vehicle-to-everything (V2X) communications, as well as network and cloud connectivity. These internal computing systems interact with each other and the external network, exchanging large amounts of data and signals. If these communication nodes lack appropriate security measures it leaves the vehicle vulnerable to cyber risk.

Wi-Fi, navigation systems, V2X communications, all of these network connection endpoints can be potential routes for cyber attacks. Hackers could breach into a vehicle’s internal system to steal private data like vehicle location, registration number, and even financial information. There is also the risk of hackers breaking into the vehicle systems to gain control of its functions. We saw this happen when two researchers hacked into a car through its cellular connection. After establishing a wireless access to the car, the hackers gained control of the vehicle’s dashboard, infotainment system, and even the engine.

This experiment revealed many vulnerabilities in vehicle internal systems security. It also solidified the importance of a layered approach to vehicle cybersecurity, where both the internal vehicle environment and the external communications are secured.

What is HSM?

One of the most robust cybersecurity solutions in the automotive industry is a Hardware Security Module (HSM). HSM is an external physical security unit that is installed into electronic control units (ECU). It safeguards vehicle communications and functional control systems with message cryptography. Typically, an HSM will include its own processor, cryptographic technologies, and dedicated memory for the hardware security firmware and secure data. Having its own processor, the HSM operates separately from the ECU, bearing the computational load of security functions.

The security module’s main job is to safeguard sensitive vehicle data during message exchanges. It does this by storing cryptographic keys, performing cryptographic operations, and verifying digital signatures to conduct authenticity checks for messages passing through the vehicle. This makes sure that data coming from outside of the vehicle is verified, and data leaving the vehicle is safely encrypted.

HSMs have been the industry standard in vehicle cybersecurity for their ability to safeguard valuable information from tampering. However, there is a problem of scalability with this particular cybersecurity measure. HSM is a security unit that has to be physically installed into ECUs within the vehicle. So, installing HSMs in cars with complex internal architectures and an abundance of ECUs may become costly.

There is also the issue of flexibility. Many modern luxury vehicles support over-the-air (OTA) systems like software downloads and updates. These OTA systems enable the installation of new functionalities into a vehicle without having to alter its hardware composition.

In a rapidly developing automotive industry, cybersecurity software needs to be able to adapt to vehicle software changes. This will be hard to achieve for a car secured only with hardware security modules. The hardware-software segregation in advanced vehicle architectures requires a more flexible approach to cybersecurity that ensures cybersecurity measures evolve hand-in-hand with vehicle software developments.

What is TEE?

A cybersecurity solution that works more effectively in centralized vehicle architectures with ever-evolving software structures is a Trusted Execution Environment (TEE). TEE is a software-based security measure that creates a secure and isolated environment within the application processor, separating critical operations from the rest of the system.

Critical operations and sensitive data can be executed and stored within the trusted execution environment, shielded from potential cyber threats. Similar to HSMs, TEEs have protected crypto libraries where sensitive information, such as cryptographic keys, can be securely stored and managed. They also provide secure communication channels between trusted components, ensuring that data transmitted within the secured area remains confidential and protected from the rest of the vehicle. This helps prevent unauthorized access or tampering.

For instance, the AutoCrypt IVS-TEE security solution offers OTA systems security with encryption and authentication technologies, making sure that only validated software is received and installed during OTA system updates. This is done to ensure that the software comes from an OEM and not a malicious actor.

While TEE and HSM offer similar cybersecurity measures they are very different in terms of implementation and execution. TEEs are built into the application processor’s chipset and can be implemented through software updates, making them more flexible and adaptable to changing security requirements. Leveraging a vehicle’s existing hardware resources, TEEs eliminate the need for additional security components, potentially reducing costs.

Establishing a TEE is a cybersecurity-by-design approach that ensures that there is a secure environment to run critical operations in every application processor.

As vehicles become increasingly connected and autonomous, the importance of robust automotive cybersecurity methods cannot be overstated. HSM and TEE both play crucial roles in securing vehicles against cyber threats. HSMs excel in cryptographic operations and secure key storage, while TEEs create isolated execution environments within the main processor. By combining these methods, automotive manufacturers can maximize protection from external cyber threats and enhance the security of their vehicles.

AUTOCRYPT’s in-vehicle cybersecurity solutions provide complete protection for the vehicle-embedded systems minimizing cybersecurity risks.

To stay informed about the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.