Category: Blog

3 July, 2024 . 5 mins read

High-Precision V2X Positioning: Why Centimeter-Level Accuracy Matters

In the rapidly advancing field of automotive technology, Vehicle-to-Everything (V2X) communication is becoming a cornerstone for future transportation systems. A fundamental element in V2X is positioning, which involves recognizing a vehicle’s absolute and relative positions concerning other surrounding objects. This article delves into why achieving high-precision positioning is crucial in V2X communication, the technologies enabling centimeter-level accuracy, some applications that benefit from such precision, and technology development considerations.

Importance of Achieving High-Precision Positioning in V2X Communication

The value proposition of V2X technology lies in road safety and road-traffic optimization. And while the technology has come a long way there is still some room for growth. To maximize the benefits of V2X the technology must achieve high-precision positioning.

One of the most proposed use cases of V2X, autonomous driving, requires a very high level of positioning accuracy because even minor errors can lead to fatal accidents. The goal of the industry is to provide precise and reliable positioning that ensures that autonomous vehicles can navigate safely and efficiently at any time in any environment.

Technologies Enabling Centimeter-Level Accuracy

Common positioning technology like Global Navigation Satellite System (GNSS) is already widely used in V2X positioning. While GNSS is exceptional at pin-pointing a car’s location in an open landscape, it is not suitable for congested urban environments with tall buildings and tunnels, where signal blockages often occur. Therefore, supplementing GNSS or employing more sophisticated technology is a crucial step to ensuring high-accuracy positioning in V2X.

Several technologies contribute to achieving centimeter-level positioning accuracy:

Cellular Positioning uses the cellular network to exchange dedicated positioning signals. Cellular networks offer more precise positioning than GNSS but are limited by geographical coverage.

Inertial Navigation System (INS) uses motion sensors and computational units to continuously calculate the vehicle position relative to its corresponding initial position. The major pro is that INS is not dependent on any external information. However, the system performance degrades with time due to the accumulation of measurement errors at each calculation.

Sensors and HD Maps can achieve centimeter-level positioning but are costly and require significant computational power. Sensors offer detailed information about vehicle surroundings but they may malfunction or be disrupted by cyber attacks, meaning that sensors are not always reliable. On the other hand, HD maps offer high-precision positioning and a 360-view of the road, however, the performance is highly contingent on the quality of map data. Furthermore, HD maps perform well only if the physical environment remains unchanged, which is not realistic in growing and ever-changing urban environments.

Each positioning method has its pros and cons. The good news is that they can supplement each other’s weaknesses and offer multiplied benefits, suggesting that a hybrid approach may be ideal. Hybrid Data Fusion Method of Positioning combines data from multiple sources, such as GNSS, INS, cellular networks, and HD maps, to improve positioning performance in V2X applications. By merging data collected from various sources, the final positioning result is more refined, accurate, and reliable than what could be achieved using any single method.

Applications Benefiting from High-Precision Positioning

While not all V2X applications will require high-precision positioning, several V2X use cases significantly benefit from centimeter-level positioning.

High-precision positioning is essential for autonomous driving as it enables vehicles to navigate safely and efficiently in complex road scenarios, maintaining their lane and avoiding obstacles.

In addition, accurate positioning is crucial for systems designed to prevent collisions by alerting drivers to potential hazards in real-time. Anti-collision warnings require robust high-precision positioning, since vehicles need to be able to identify dangers even in the most chaotic and unexpected road conditions.

High-precision positioning is also extremely beneficial for more mundane uses of V2X technology like parking assistance. Systems that assist with parking rely on precise positioning to maneuver vehicles into tight spaces, helping drivers avoid accidents in crowded parking lots.

V2X Technology Development Considerations

There are 2 main requirements and considerations that need to be accounted for in order to achieve consistent, stable, and accurate positioning at all times.

Variable Accuracy Requirements: Different use cases require different levels of accuracy. For example, a pre-crash warning system needs more accurate positioning than a congestion alert. Which means that not every positioning technique will be able to respond to the demands of some applications. Therefore, a larger number of technologies needs to be developed to ensure the required positioning accuracy for more sophisticated V2X use cases.

Cost Considerations: A number of technologies offering centimeter-level positioning, such as sensors and HD maps, require large computational power as well as advanced and expensive technology. At the current stage, one set of technology would not provide the sufficient accuracy for more advanced V2X applications. Hence, implementing and maintaining multi-level systems capable of achieving exceptional positioning accuracy may need a sizable investment at the initial stages of technological advancement. However, as the technology matures the costs will naturally decrease. In addition, the expected benefits of V2X technology, like increased traffic efficiency and reduced road accidents, will generate substantial cost savings down the line.

As the automotive industry advances towards greater automation and connectivity, the importance of high-precision V2X positioning becomes increasingly evident. Centimeter-level accuracy is essential for ensuring the safety, efficiency, and reliability of advanced V2X applications. By leveraging and combining advanced positioning techniques, the industry can achieve the level of precision needed to fully realize the potential of V2X. This progress will pave the way for a safer, smarter, and more connected transportation system.

To stay informed and updated on the latest news about AUTOCRYPT and vehicle-to-everything technology, subscribe to AUTOCRYPT’s newsletter.

20 June, 2024 . 5 mins read

V2X Development Projects Around the World

The past 5 years were rich in new developments in the world of connected driving, with governments announcing huge grant opportunities for organizations willing to develop and implement Vehicle-to-Everything (V2X) systems infrastructure.

The advantages of widespread V2X implementation are well recognized, particularly in terms of enhanced road safety and reduced carbon emissions. However, the primary challenge in V2X deployment is the ‘hockey stick’ value proposition, where the benefits become substantial only after mass technology deployment. Therefore, a collaboration between government, academia, and the private sector is crucial to advancing the industry.

Global V2X Development Projects

V2X development projects around the globe vary significantly in scale and focus, yet they share the common objective of creating a V2X infrastructure that enhances safety and efficiency in the transportation sector. Below are some notable projects and deployments around the world.

United Kingdom

As part of the V2X Innovation Program supported by the UK Government Initiative, the Rural Energy Resilience Program is exploring new vehicle-to-grid (V2G) and energy management technologies. This project connects local car clubs, community buildings, renewable energy providers, and distribution network providers, deploying various V2G charging points across the community.

The program’s aim is to equip local community buildings with bi-directional chargers featuring V2G functionality. The buildings serve as a rest spot for people who need to charge their EVs, boosting local economies. The community buildings also benefit from energy optimization with access to flexible grid services, which provides back up electricity storage during power outages. Beyond stabilizing energy grids for communities with electricity constraints, the project also enhances transportation options in areas with limited public transport.

United States

The United States has multiple grant schemes aimed at promoting the development of advanced transportation technologies, with both the United States Department of Transportation and the Federal Highway Administration supporting the development of V2X projects. One notable initiative is the Advanced Transportation Technology and Innovation (ATTAIN) program, which encourages the use of advanced technologies to improve safety and reduce travel times for drivers and transit riders.

The University of Michigan’s Transportation Research Institute is a beneficiary of the ATTAIN program. As part of this program, UMTRI deployed over 70 roadside units (RSUs) at intersections in Ann Arbor and retrofitted 100 vehicles with low-cost aftermarket onboard units. This connected environment allows vehicles to communicate with each other, infrastructure, the cloud, cellular networks, pedestrians, and other vulnerable road users.

The project is conducted in partnership with the city of Ann Arbor, Ford, Qualcomm, and others. Aiming to boost safety for passengers, pedestrians, and residents by connecting vehicles to each other and nearby infrastructure, the project sets a baseline for future V2X infrastructure deployments in the United States.

University of Michigan has been a testbed for numerous other V2X projects, one of which is the OmniAir Plugfest. Autocrypt participated in the plugfest to test its V2X-PKI in a collaborative environment with other cybersecurity experts, test laboratories, and deploying agencies. The aim of the plugfest was to demonstrate SCMS interoperability to advance nationwide deployment of V2X technologies.

Singapore

Nanyang Technological University (NTU) is leading the development of Singapore’s first 5G cellular vehicle-to-everything (C-V2X) testbed. As part of the NTU Connected Smart Mobility (COSMO) program, the 200-hectare NTU Smart Campus hosts a testbed leveraging ultra-fast 5G technology to enhance connected mobility.

Partnering with the telecommunications company M1, NTU deployed three 5G base stations to enable reliable communications for a wide range of sensors on vehicles and transport infrastructure. C-V2X equipment were installed in shuttle buses and autonomous vehicles to conduct real-world vehicle localization tests and assess the 5G network’s performance. The testbed allows industry partners to co-design and deploy innovative connected mobility solutions, focusing on safety-critical applications such as collision avoidance, real-time traffic routing, and network security.

The NTU Smart Campus testbed aims to develop a safer, more efficient, and reliable transportation infrastructure, fostering the development of connected mobility in Singapore.

China

China is a leader in global V2X deployment, with the government partnering with the private sector to roll out numerous V2X initiatives and large-scale testing sites across the country to test the technology in diverse conditions.

The Tianjin National Pilot Area was created to explore various application scenarios of V2X, build an open and innovative industrial ecology, and explore feasible ways to test V2X systems. The first phase of the pilot zone covers 48 km of open road area equipped 67 intersections with full-range perception infrastructure and V2X communication nodes.

The main goal of the pilot zone is to verify the security of V2X messages exchanged through the network. 20 security scenarios were laid out across 7.6 km of open road for enterprises to verify the security of V2X mechanisms like secure communication protocols, security certificate applications, and certificate management. The pilot area has been utilized to test over 100 cases for traffic safety, traffic efficiency, and information services.

The global efforts in developing and implementing V2X technology illustrate the collective ambition to enhance road safety, optimize traffic flow, and decarbonize roads. By fostering close collaboration among governments, academia, and private enterprises, these projects demonstrate the potential of V2X technology to revolutionize transportation. As these initiatives continue to advance, they pave the way for a more connected, efficient, and safer future in mobility, ultimately benefiting societies worldwide.

To learn more about AUTOCRYPT’s V2X security solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

31 May, 2024 . 3 mins read

Securing Vehicles with Automotive Intrusion Detection Systems (IDS)

It has long been established that cybersecurity is becoming more important in the automotive industry. The mass adoption of cybersecurity practices in the industry is in line with the development of vehicle technology. Nowadays vehicles have more complex internal structures and are more exposed to external communication channels, meaning that there are more endpoints that need protection from cyber threats. Automakers are turning to various cybersecurity approaches to secure their vehicles, one of the most common ones being automotive intrusion detection systems (IDS).

What is an Automotive IDS?

An automotive IDS is an intrusion detection system adapted specifically for the automotive industry. These solutions monitor network traffic entering and traversing the vehicle, as well as the activities within the vehicle’s components, to detect traffic anomalies or potentially malicious activity. IDS compares the monitored traffic and behaviors against a database of known cyber threats and attack patterns. If a match is found, it raises an alert to the relevant administrators or security personnel to address.

Automotive IDSs typically employ two main detection methods:

1. Signature-based detection: Matches observed activity against a database of known malicious patterns or signatures.

2. Anomaly-based detection: Identifies deviations from established normal network behavior or activity baselines, flagging any unusual activities that might indicate a potential intrusion.

It’s important to note that an intrusion detection system is a monitoring tool, meaning it detects threats but does not actively prevent or mitigate them. Upon detecting anomalous behavior or a potential threat, the IDS sends an alert, allowing administrators to investigate and take appropriate action.

Types of Automotive IDS

IDSs are categorized based on their deployment location and the scope of activity they monitor. In the automotive context, we will discuss two main types:

1. Network-based IDS (N-IDS)

A network-based IDS monitors the entire vehicle network for anomalous activity, checking all incoming and outgoing traffic. This provides a broad, network-level view of potential threats and can detect attacks targeting the vehicle’s communication channels or network infrastructure.

2. Host-based IDS (H-IDS)

A host-based IDS is a security software designed to monitor the activities of an individual host or vehicle component, such as an Electronic Control Unit (ECU). It focuses on detecting threats targeting specific systems or components within the vehicle, providing a more granular level of cybersecurity monitoring.

While implementing either one of these intrusion detection system types will help protect an automobile from cyber attacks, most contemporary vehicles will benefit from a mix of both host-based and network-based IDS. For instance, Autocrypt’s IDS combines both network-based and host-based IDS to ensure maximum threat monitoring coverage across the vehicle’s network and individual components.

Comprehensive Vehicle Protection

To ensure comprehensive vehicle protection, automakers are highly advised to implement multiple cybersecurity solutions simultaneously. Since an IDS is a monitoring-only device, pairing it with an Intrusion Prevention System (IPS) would ensure that malicious activities are not only detected but also mitigated.

Additionally, implementing diverse cybersecurity measures will help automakers better address the requirements of vehicle cybersecurity regulations like UN R155 and R156, which mandate cybersecurity throughout the entire vehicle lifecycle.

By adopting a multi-layered approach with complementary cybersecurity solutions like IDS, IPS, and others, automakers can significantly enhance the overall security posture of their vehicles, safeguarding them against a wide range of cyber threats in today’s connected automotive landscape.

Visit our in-vehicle security solutions page to find the solution that best fits your cybersecurity needs.

Follow AUTOCRYPT on LinkedIn to stay informed about our latest news and blogs.

9 May, 2024 . 3 mins read

Compliance with UN R156: Securing Vehicle Software Updates

In the past, vehicles were purchased with a fixed set of functionalities that remained unchanged until the owner acquired a new vehicle. However, modern cars have evolved into customizable platforms with software that can be continuously updated and enhanced.

To meet the growing demand for personalization and remain competitive, manufacturers now offer advanced features that can be subscribed to and downloaded onto vehicles at any time after purchase. These functionalities, such as entertainment applications, driver assistance systems, self-driving capabilities, and others, are constantly being improved and updated.

Maintaining this kind of flexible software structure requires vehicle manufacturers to implement periodic update procedures. However, since these updates essentially alter the vehicle’s software and carry a fair amount of potential risks, it is crucial that they are implemented in the most secure way possible. This is where the UNECE Regulation 156 (UN R156) comes into play, establishing a much-needed framework for secure vehicle software updates.

UN R156 Requirements

UNECE Regulation 156 establishes the minimum cybersecurity and Software Update Management System (SUMS) requirements for vehicle manufacturers. According to the regulation, manufacturers must implement the SUMS and demonstrate that they have the necessary processes in place to comply with all secure software update requirements. The requirements can be divided into two main categories:

  1. Software Update Management System Requirements: These include securing communication channels for updates, validating software integrity, implementing access control mechanisms, and maintaining update logs for auditing purposes.
  2. Vehicle Type Requirements: Specific rules and standards that vehicles must meet to ensure secure software updates.

As vehicles become increasingly software-defined, the ability to update their software securely and efficiently is paramount as unsecured software updates can leave vehicles vulnerable to cyber threats, such as malware infections, data breaches, or even remote control of vehicle systems. These risks can compromise vehicle safety, privacy, and security, making it essential to implement robust cybersecurity measures for software updates.

Securing Updates for UN R156 compliance

UNECE Regulation 156 requires manufacturers to implement appropriate cybersecurity measures to mitigate potential risks from software updates. These measures include:

  • Implementing a software update management system
  • Securing communication channels for update processes
  • Validating software integrity to prevent tampering
  • Implementing access control mechanisms to protect against unauthorized access
  • Maintaining update logs for auditing purposes

AUTOCRYPT offers a suite of in-vehicle cybersecurity products and solutions that implement the necessary security processes in line with UN R156 requirements for secure software updates. Apart from cybersecurity implementation, we also offer UN R155/156 compliance consulting services. Visit our UNECE WP.29 Consulting page to learn more and download the WP.29 regulation checklist outlining the steps for UNECE regulation compliance.

As the automotive industry continues to embrace software-defined vehicles, UN R156 plays a crucial role in ensuring the safe and secure updating of vehicle software. By establishing baseline requirements for cybersecurity and software update management systems, this regulation helps protect vehicles, their occupants, and the broader transportation ecosystem from potential cyber threats. Compliance with UNECE Regulation 156 is a critical step towards building a safer and more secure future for the automotive industry.

12 April, 2024 . 4 mins read

Cybersecurity Management System for UNECE Regulation 155

The automotive industry is entering an important stage of cybersecurity implementation. In July of 2024, UNECE Regulation 155 (UN R155) about vehicle cybersecurity and Cybersecurity Management Systems (CSMS) is coming into full force. What does this mean for the larger automotive industry?

Vehicle manufacturers across the 64 WP.29 member countries will be required to adhere to regulatory compliance measures outlined in UNECE Regulation 155. Vehicles that do not comply with the regulations will not be eligible for registration starting July 2024. We can already see how the regulation is affecting the industry in the recent Porsche announcement. The company stated that they will be discontinuing the combustion-powered 718 Boxster convertible and the 718 Cayman models in certain countries, due to not meeting the cybersecurity standards outlined in UN R155 legislation.

UN R155 is a set of regulations developed by the United Nations Economic Commission for Europe (UNECE) pertaining to cybersecurity in vehicles. The regulation establishes cybersecurity requirements for the vehicle manufacturing process and vehicle type approval, aimed at enhancing the security of connected vehicles and increasing resilience against cyber threats.

Essential Approval Requirements

The essential UN R155 approval requirements for automotive cybersecurity, address standards and protocols for securing connected vehicles against cyber threats. However, UN R155 does not only focus on vehicle cybersecurity. The regulation oversees the entire vehicle manufacturing process, enforcing cybersecurity measures to be incorporated on an organizational level and throughout the vehicle’s entire lifecycle.

OEMs wishing to receive UN R155 approval must implement a cybersecurity management system that verifies secure operations throughout the vehicle development, production, and post-production phases.

Upon CSMS implementation OEMs must go through a CSMS assessment process, also known as a CSMS audit, that will be conducted by an appointed Approval Authority. During a CSMS audit, the Approval Authority assesses and verifies the manufacturer’s compliance with the requirements outlined in UN R155. If the assessment deems cybersecurity management system implementation successful, the OEM obtains the Certificate of Compliance for CSMS. The Certificate of Compliance is valid for three years and can be extended upon expiration.

Requirements for CSMS

The requirements for the Cybersecurity Management System are holistic in nature and call for vehicle manufacturers to follow cybersecurity-by-design principles. From a grander organizational perspective to granular vehicle attack vector assessments, the CSMS requirements seek appropriate cybersecurity measures that continuously monitor, detect, and respond to cyber threats across the vehicle development lifecycle According to UN R155, vehicle manufacturers should ensure that their Cybersecurity Management System complies with the following stipulations:

1. The vehicle manufacturer shall demonstrate that their CSMS applies to the vehicle development, production, and post-production stages.

2. The vehicle manufacturer shall demonstrate that the processes used within their CSMS to ensure security is adequately considered and implemented continuously. This requirement entails cybersecurity management processes, risk identification, assessment, and mitigation.

3. OEMs are expected to stay on top of new cyber threats and vulnerabilities, keeping their security measures current.

4. Vehicle manufacturers must be able to provide relevant data to support analysis of attempted or successful cyberattacks to their designated Approval Authority.

5. OEMs shall demonstrate that the processes used within their CSMS will ensure that cyber threats and vulnerabilities are addressed and mitigated within a reasonable time frame.

6. Vehicle manufacturers must be able to demonstrate how their CSMS will manage dependencies that may exist with suppliers, service providers, or manufacturer’s sub-organizations. This means that OEMs are accountable for implementing and verifying cybersecurity practices along their supply chains.

Requirements beyond the CSMS

Meeting cybersecurity management system requirements and obtaining the CSMS Certificate of Compliance is the first step of the regulatory compliance process. UN Regulation 155 also includes an array of cybersecurity requirements for vehicle type approval. The type approval process focuses on the effectiveness of the security measures implemented in the actual vehicle and its components.

Our latest ebook delves into the key vehicle components to focus on for UN R155 type approval and can offer insight into how different vehicle components require different types of cybersecurity measures. 

Download eBook

UNR155 download button

Automotive cybersecurity implementation cannot be done in a one-size-fits-all manner. Different OEMs will have different cybersecurity and testing needs based on their organizational structures, vehicle manufacturing processes, and supply chains. With industry-leading expertise accumulated through years of experience in cybersecurity implementation, AUTOCRYPT offers professional consulting services for automotive OEMs and suppliers in establishing the CSMS.

To learn more about our CSMS Consulting Services and cybersecurity regulation compliance, contact global@autocrypt.io.

22 February, 2024 . 4 mins read

The Role of Penetration Testing in the Automotive Industry

The esteemed hackathon Pwn2Own has had its first ever automotive-focused event in Tokyo, Japan this January. At the end of the three-day hackathon, hackers identified 49 unique zero-day exploits, accumulating over a million dollars in awarded bounties. Hackathons like this have been common practice in the tech industry for years, however, they are just getting popular in the automotive sector.

During these hackathons, white-hat hackers gather to uncover zero-day vulnerabilities in vehicles and their systems. While hacking may have its negative connotations, ethical hacking performed in these events is better defined by the term penetration testing.

As technology advances, vehicles become increasingly vulnerable to cyber threats. Securing vehicles from these cyber threats requires extensive and proactive cyber security practices that not only protect vehicles but also actively search for new vulnerabilities in constantly developing systems. In this blog, we delve into the realm of automotive penetration testing, a critical practice aimed at identifying weaknesses in vehicle security systems.

Understanding Automotive Penetration Testing

Automotive penetration testing, or pentesting, is a process designed to identify vehicle vulnerabilities by means of hacking into specific components of a vehicle. This proactive way of cybersecurity testing allows for the uncovering of security gaps in a controlled environment. 

Penetration tests can be conducted internally by cybersecurity experts employed by an OEM, as well as externally, by independent ethical hackers. Upon successful identification of a vehicle vulnerability, hackers share their findings with an OEM for further investigation and remediation.

Besides vulnerability assessment, penetration testing provides positive feedback that can be used for attack surface analysis and compliance assessment.

Attack surface analysis allows cybersecurity experts to evaluate potential entry points that malicious actors could exploit to breach a vehicle’s system. The adoption of connected features in vehicles, such as IoT devices, telematics systems, and infotainment units, has opened up new avenues for cyber attacks. The exponential growth in vehicle technology multiplies the avenues hackers can exploit to gain unauthorized access to vehicle systems, compromise safety features, or steal sensitive data. Hence, penetration testing can be used to uncover the vulnerabilities within the system and also the various entry points and attack vectors that can be used to exploit said vulnerability.

For instance, to identify security gaps in a vehicle’s external communications a hacker may conduct a penetration test on ECUs responsible for a vehicle’s connectivity functions like Wi-Fi or V2X. Hacking into these individual ECUs allows cybersecurity experts to generate a threat model that lays out the potential entryways, threats, and influences that may impact an ECU.

Why Automotive Penetration Testing Matters

By conducting thorough security assessments manufacturers can identify vulnerabilities in vehicle systems and address them proactively. This not only enhances the overall security of vehicles but also helps meet regulatory obligations effectively.

Vehicle security regulations have evolved to include robust cybersecurity measures as compliance requirements. UN Regulation No. 155 (UN R155), aimed at ensuring the cybersecurity of vehicles, mandates manufacturers to implement measures to protect against unauthorized access, manipulation, and theft of data.

To comply with the regulations manufacturers must conduct and document risk assessment tests, implement appropriate cybersecurity measures, detect, and respond to possible cyber attacks, as well as log data to support the detection of cyber attacks. Considering the extent of risk assessment required, it is clear that automotive penetration testing serves as a crucial tool in achieving and maintaining compliance with UN R155 requirements.

The Importance of Collaboration for Cybersecurity Testing

Compliance with regulations may be time-consuming and costly for vehicle manufacturers. Therefore, collaboration between automotive manufacturers, cybersecurity experts, and regulatory bodies is essential for effective security assessments. Comprehensive solutions that allow for continuous testing, threat intelligence gathering, and integrating security measures into the development process are crucial to ensure cybersecurity best practices.

AutoCrypt CSTP serves as a comprehensive cybersecurity testing platform that enables automotive OEMs to conduct cybersecurity testing for regulatory compliance and share integrated results for vehicle type approval. The newly launched platform runs a variety of vulnerability testing techniques, like penetration testing, engineering specification testing, and fuzz testing, using test cases mapped out for UN R155/156 and GB (GB/T).

As vehicles become increasingly connected, securing them against cyber threats is paramount. Automotive penetration testing emerges as a vital practice in safeguarding vehicles and ensuring the safety and security of drivers and passengers. By adhering to best practices, collaborating with industry stakeholders, and staying on top of regulatory requirements, automotive manufacturers can build resilient vehicles capable of withstanding the challenges of the digital age.