Category: Blog

16 July, 2024 . 5 mins read

Enhancing Public Charging Stations with Plug & Charge

ISO 15118 – a seemingly obscure collection of letters and numbers – signifies one of the most progressive standards in electric vehicle (EV) charging. The ISO 15118 standard, formally known as “Road Vehicles – Vehicle to Grid Communication Interface,” establishes the communication protocol between a vehicle and the charging grid. This standard laid down the foundation for Plug & Charge (PnC), a feature that establishes encrypted communication between an EV and a charging station.

While the technology has not been mandated by any government yet, many prominent charge point operators (CPO) and vehicle manufacturers are implementing it. This article will dive into how implementing Plug & Charge would elevate public charging stations to the next level, offering numerous benefits and opportunities for the industry.

Plug & Charge and Cybersecurity

With Plug & Charge the often multi-step charging process becomes as simple as plugging in your EV to the charger. The ISO 15118 protocol enables a seamless charging process where a charger can automatically identify and verify a plugged-in vehicle, authenticating the charging process and processing the payment without human intervention.

This technology requires a high level of communication between vehicles and infrastructure which may raise concerns about security. It is important to note that Plug & Charge was designed with cybersecurity at its core. The technology uses public key infrastructure (PKI) based cryptographic mechanisms to enable two-way authentication and end-to-end encryption during the charging process. By using asymmetric cryptography – a pairing of a public and private security key, neither of which can be decrypted without the other – the charging station is able to verify an EV’s identity and vice versa. This level of encryption guarantees confidentiality in every exchange, creating a secure environment for EV drivers to charge their vehicles without worrying about cyber attacks or data breaches.

Improved User Experience

Plug & Charge significantly improves user experience by making the entire charging process seamless. EV owners set up their payment and authentication information during vehicle purchase and this information is automatically communicated to the charger when the car is plugged in.

In the modern world, where hassle-free is king, public charging stations can generate a lot of value by implementing the technology. Considering how charging is one of the biggest obstacles to EV adoption rates, improving charging experience is one of the sure ways to aid adoption.

According to a survey conducted by BCG, EV drivers ranked charger reliability, charging time, and ease of use among their top priorities when charging in public. Charging stations that implement Plug & Charge to enhance performance on these metrics will improve their competitiveness, simultaneously raising the overall standard for public charging user experience.

Path Toward V2G Implementation

Apart from instant benefits, implementing Plug & Charge creates a foundation for further technological improvements. Most importantly, it paves the way for Vehicle-to-Grid (V2G) implementation. ISO 15118 is designed for vehicle-to-grid communications and grid optimization. Integrating Plug & Charge in public charging stations will equip the infrastructure with the necessary technology for smart charging applications.

Why is this important? The smart charging mechanism in ISO 15118 allows for sustainable management of energy supplied through the grid. It does that by matching the grid’s capacity with the energy demand of electric vehicles plugged in to the grid. This optimization allows vehicles to charge during periods of high energy availability or when overall electricity usage is low, reducing strain on the electricity grid and promoting sustainable energy usage. The benefits of this technology will only grow as EV adoption rates rise with time.

Another feature outlined in ISO 15118 is bi-directional charging, which allows vehicles to receive and supply energy from and back to the grid. This benefits both the grid and EV owners. On the grid side, electric vehicles can serve as mobile energy storage units that supply electricity back to the grid during periods of high demand. On the customer-side, it offers EV owners a chance to earn extra cash or energy credits by selling electricity back to the grid. Bi-directional charging creates a symbiotic relationship between the electricity grid and electric vehicles, helping maintain balance and energy efficiency.

Implementing Plug & Charge in public charging stations presents a significant opportunity to enhance the EV charging experience. High level of cybersecurity, seamless charging process, and readiness for V2G integration make Plug & Charge a valuable investment.

As a trusted PnC implementation partner, Autocrypt worked closely with various CPOs and OEMs to deploy secure PnC. Recently, Autocrypt joined forces with Emobi, a US-based e-mobility hub, to launch the first US-based PnC ecosystem.

As the demand for EVs continues to grow, the adoption of standards like ISO 15118 and features like Plug & Charge will be crucial in supporting the sustainable and efficient expansion of EV infrastructure.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

3 July, 2024 . 5 mins read

High-Precision V2X Positioning: Why Centimeter-Level Accuracy Matters

In the rapidly advancing field of automotive technology, Vehicle-to-Everything (V2X) communication is becoming a cornerstone for future transportation systems. A fundamental element in V2X is positioning, which involves recognizing a vehicle’s absolute and relative positions concerning other surrounding objects. This article delves into why achieving high-precision positioning is crucial in V2X communication, the technologies enabling centimeter-level accuracy, some applications that benefit from such precision, and technology development considerations.

Importance of Achieving High-Precision Positioning in V2X Communication

The value proposition of V2X technology lies in road safety and road-traffic optimization. And while the technology has come a long way there is still some room for growth. To maximize the benefits of V2X the technology must achieve high-precision positioning.

One of the most proposed use cases of V2X, autonomous driving, requires a very high level of positioning accuracy because even minor errors can lead to fatal accidents. The goal of the industry is to provide precise and reliable positioning that ensures that autonomous vehicles can navigate safely and efficiently at any time in any environment.

Technologies Enabling Centimeter-Level Accuracy

Common positioning technology like Global Navigation Satellite System (GNSS) is already widely used in V2X positioning. While GNSS is exceptional at pin-pointing a car’s location in an open landscape, it is not suitable for congested urban environments with tall buildings and tunnels, where signal blockages often occur. Therefore, supplementing GNSS or employing more sophisticated technology is a crucial step to ensuring high-accuracy positioning in V2X.

Several technologies contribute to achieving centimeter-level positioning accuracy:

Cellular Positioning uses the cellular network to exchange dedicated positioning signals. Cellular networks offer more precise positioning than GNSS but are limited by geographical coverage.

Inertial Navigation System (INS) uses motion sensors and computational units to continuously calculate the vehicle position relative to its corresponding initial position. The major pro is that INS is not dependent on any external information. However, the system performance degrades with time due to the accumulation of measurement errors at each calculation.

Sensors and HD Maps can achieve centimeter-level positioning but are costly and require significant computational power. Sensors offer detailed information about vehicle surroundings but they may malfunction or be disrupted by cyber attacks, meaning that sensors are not always reliable. On the other hand, HD maps offer high-precision positioning and a 360-view of the road, however, the performance is highly contingent on the quality of map data. Furthermore, HD maps perform well only if the physical environment remains unchanged, which is not realistic in growing and ever-changing urban environments.

Each positioning method has its pros and cons. The good news is that they can supplement each other’s weaknesses and offer multiplied benefits, suggesting that a hybrid approach may be ideal. Hybrid Data Fusion Method of Positioning combines data from multiple sources, such as GNSS, INS, cellular networks, and HD maps, to improve positioning performance in V2X applications. By merging data collected from various sources, the final positioning result is more refined, accurate, and reliable than what could be achieved using any single method.

Applications Benefiting from High-Precision Positioning

While not all V2X applications will require high-precision positioning, several V2X use cases significantly benefit from centimeter-level positioning.

High-precision positioning is essential for autonomous driving as it enables vehicles to navigate safely and efficiently in complex road scenarios, maintaining their lane and avoiding obstacles.

In addition, accurate positioning is crucial for systems designed to prevent collisions by alerting drivers to potential hazards in real-time. Anti-collision warnings require robust high-precision positioning, since vehicles need to be able to identify dangers even in the most chaotic and unexpected road conditions.

High-precision positioning is also extremely beneficial for more mundane uses of V2X technology like parking assistance. Systems that assist with parking rely on precise positioning to maneuver vehicles into tight spaces, helping drivers avoid accidents in crowded parking lots.

V2X Technology Development Considerations

There are 2 main requirements and considerations that need to be accounted for in order to achieve consistent, stable, and accurate positioning at all times.

Variable Accuracy Requirements: Different use cases require different levels of accuracy. For example, a pre-crash warning system needs more accurate positioning than a congestion alert. Which means that not every positioning technique will be able to respond to the demands of some applications. Therefore, a larger number of technologies needs to be developed to ensure the required positioning accuracy for more sophisticated V2X use cases.

Cost Considerations: A number of technologies offering centimeter-level positioning, such as sensors and HD maps, require large computational power as well as advanced and expensive technology. At the current stage, one set of technology would not provide the sufficient accuracy for more advanced V2X applications. Hence, implementing and maintaining multi-level systems capable of achieving exceptional positioning accuracy may need a sizable investment at the initial stages of technological advancement. However, as the technology matures the costs will naturally decrease. In addition, the expected benefits of V2X technology, like increased traffic efficiency and reduced road accidents, will generate substantial cost savings down the line.

As the automotive industry advances towards greater automation and connectivity, the importance of high-precision V2X positioning becomes increasingly evident. Centimeter-level accuracy is essential for ensuring the safety, efficiency, and reliability of advanced V2X applications. By leveraging and combining advanced positioning techniques, the industry can achieve the level of precision needed to fully realize the potential of V2X. This progress will pave the way for a safer, smarter, and more connected transportation system.

To stay informed and updated on the latest news about AUTOCRYPT and vehicle-to-everything technology, subscribe to AUTOCRYPT’s newsletter.

20 June, 2024 . 5 mins read

V2X Development Projects Around the World

The past 5 years were rich in new developments in the world of connected driving, with governments announcing huge grant opportunities for organizations willing to develop and implement Vehicle-to-Everything (V2X) systems infrastructure.

The advantages of widespread V2X implementation are well recognized, particularly in terms of enhanced road safety and reduced carbon emissions. However, the primary challenge in V2X deployment is the ‘hockey stick’ value proposition, where the benefits become substantial only after mass technology deployment. Therefore, a collaboration between government, academia, and the private sector is crucial to advancing the industry.

Global V2X Development Projects

V2X development projects around the globe vary significantly in scale and focus, yet they share the common objective of creating a V2X infrastructure that enhances safety and efficiency in the transportation sector. Below are some notable projects and deployments around the world.

United Kingdom

As part of the V2X Innovation Program supported by the UK Government Initiative, the Rural Energy Resilience Program is exploring new vehicle-to-grid (V2G) and energy management technologies. This project connects local car clubs, community buildings, renewable energy providers, and distribution network providers, deploying various V2G charging points across the community.

The program’s aim is to equip local community buildings with bi-directional chargers featuring V2G functionality. The buildings serve as a rest spot for people who need to charge their EVs, boosting local economies. The community buildings also benefit from energy optimization with access to flexible grid services, which provides back up electricity storage during power outages. Beyond stabilizing energy grids for communities with electricity constraints, the project also enhances transportation options in areas with limited public transport.

United States

The United States has multiple grant schemes aimed at promoting the development of advanced transportation technologies, with both the United States Department of Transportation and the Federal Highway Administration supporting the development of V2X projects. One notable initiative is the Advanced Transportation Technology and Innovation (ATTAIN) program, which encourages the use of advanced technologies to improve safety and reduce travel times for drivers and transit riders.

The University of Michigan’s Transportation Research Institute is a beneficiary of the ATTAIN program. As part of this program, UMTRI deployed over 70 roadside units (RSUs) at intersections in Ann Arbor and retrofitted 100 vehicles with low-cost aftermarket onboard units. This connected environment allows vehicles to communicate with each other, infrastructure, the cloud, cellular networks, pedestrians, and other vulnerable road users.

The project is conducted in partnership with the city of Ann Arbor, Ford, Qualcomm, and others. Aiming to boost safety for passengers, pedestrians, and residents by connecting vehicles to each other and nearby infrastructure, the project sets a baseline for future V2X infrastructure deployments in the United States.

University of Michigan has been a testbed for numerous other V2X projects, one of which is the OmniAir Plugfest. Autocrypt participated in the plugfest to test its V2X-PKI in a collaborative environment with other cybersecurity experts, test laboratories, and deploying agencies. The aim of the plugfest was to demonstrate SCMS interoperability to advance nationwide deployment of V2X technologies.

Singapore

Nanyang Technological University (NTU) is leading the development of Singapore’s first 5G cellular vehicle-to-everything (C-V2X) testbed. As part of the NTU Connected Smart Mobility (COSMO) program, the 200-hectare NTU Smart Campus hosts a testbed leveraging ultra-fast 5G technology to enhance connected mobility.

Partnering with the telecommunications company M1, NTU deployed three 5G base stations to enable reliable communications for a wide range of sensors on vehicles and transport infrastructure. C-V2X equipment were installed in shuttle buses and autonomous vehicles to conduct real-world vehicle localization tests and assess the 5G network’s performance. The testbed allows industry partners to co-design and deploy innovative connected mobility solutions, focusing on safety-critical applications such as collision avoidance, real-time traffic routing, and network security.

The NTU Smart Campus testbed aims to develop a safer, more efficient, and reliable transportation infrastructure, fostering the development of connected mobility in Singapore.

China

China is a leader in global V2X deployment, with the government partnering with the private sector to roll out numerous V2X initiatives and large-scale testing sites across the country to test the technology in diverse conditions.

The Tianjin National Pilot Area was created to explore various application scenarios of V2X, build an open and innovative industrial ecology, and explore feasible ways to test V2X systems. The first phase of the pilot zone covers 48 km of open road area equipped 67 intersections with full-range perception infrastructure and V2X communication nodes.

The main goal of the pilot zone is to verify the security of V2X messages exchanged through the network. 20 security scenarios were laid out across 7.6 km of open road for enterprises to verify the security of V2X mechanisms like secure communication protocols, security certificate applications, and certificate management. The pilot area has been utilized to test over 100 cases for traffic safety, traffic efficiency, and information services.

The global efforts in developing and implementing V2X technology illustrate the collective ambition to enhance road safety, optimize traffic flow, and decarbonize roads. By fostering close collaboration among governments, academia, and private enterprises, these projects demonstrate the potential of V2X technology to revolutionize transportation. As these initiatives continue to advance, they pave the way for a more connected, efficient, and safer future in mobility, ultimately benefiting societies worldwide.

To learn more about AUTOCRYPT’s V2X security solutions, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

31 May, 2024 . 3 mins read

Securing Vehicles with Automotive Intrusion Detection Systems (IDS)

It has long been established that cybersecurity is becoming more important in the automotive industry. The mass adoption of cybersecurity practices in the industry is in line with the development of vehicle technology. Nowadays vehicles have more complex internal structures and are more exposed to external communication channels, meaning that there are more endpoints that need protection from cyber threats. Automakers are turning to various cybersecurity approaches to secure their vehicles, one of the most common ones being automotive intrusion detection systems (IDS).

What is an Automotive IDS?

An automotive IDS is an intrusion detection system adapted specifically for the automotive industry. These solutions monitor network traffic entering and traversing the vehicle, as well as the activities within the vehicle’s components, to detect traffic anomalies or potentially malicious activity. IDS compares the monitored traffic and behaviors against a database of known cyber threats and attack patterns. If a match is found, it raises an alert to the relevant administrators or security personnel to address.

Automotive IDSs typically employ two main detection methods:

1. Signature-based detection: Matches observed activity against a database of known malicious patterns or signatures.

2. Anomaly-based detection: Identifies deviations from established normal network behavior or activity baselines, flagging any unusual activities that might indicate a potential intrusion.

It’s important to note that an intrusion detection system is a monitoring tool, meaning it detects threats but does not actively prevent or mitigate them. Upon detecting anomalous behavior or a potential threat, the IDS sends an alert, allowing administrators to investigate and take appropriate action.

Types of Automotive IDS

IDSs are categorized based on their deployment location and the scope of activity they monitor. In the automotive context, we will discuss two main types:

1. Network-based IDS (N-IDS)

A network-based IDS monitors the entire vehicle network for anomalous activity, checking all incoming and outgoing traffic. This provides a broad, network-level view of potential threats and can detect attacks targeting the vehicle’s communication channels or network infrastructure.

2. Host-based IDS (H-IDS)

A host-based IDS is a security software designed to monitor the activities of an individual host or vehicle component, such as an Electronic Control Unit (ECU). It focuses on detecting threats targeting specific systems or components within the vehicle, providing a more granular level of cybersecurity monitoring.

While implementing either one of these intrusion detection system types will help protect an automobile from cyber attacks, most contemporary vehicles will benefit from a mix of both host-based and network-based IDS. For instance, Autocrypt’s IDS combines both network-based and host-based IDS to ensure maximum threat monitoring coverage across the vehicle’s network and individual components.

Comprehensive Vehicle Protection

To ensure comprehensive vehicle protection, automakers are highly advised to implement multiple cybersecurity solutions simultaneously. Since an IDS is a monitoring-only device, pairing it with an Intrusion Prevention System (IPS) would ensure that malicious activities are not only detected but also mitigated.

Additionally, implementing diverse cybersecurity measures will help automakers better address the requirements of vehicle cybersecurity regulations like UN R155 and R156, which mandate cybersecurity throughout the entire vehicle lifecycle.

By adopting a multi-layered approach with complementary cybersecurity solutions like IDS, IPS, and others, automakers can significantly enhance the overall security posture of their vehicles, safeguarding them against a wide range of cyber threats in today’s connected automotive landscape.

Visit our in-vehicle security solutions page to find the solution that best fits your cybersecurity needs.

Follow AUTOCRYPT on LinkedIn to stay informed about our latest news and blogs.

9 May, 2024 . 3 mins read

Compliance with UN R156: Securing Vehicle Software Updates

In the past, vehicles were purchased with a fixed set of functionalities that remained unchanged until the owner acquired a new vehicle. However, modern cars have evolved into customizable platforms with software that can be continuously updated and enhanced.

To meet the growing demand for personalization and remain competitive, manufacturers now offer advanced features that can be subscribed to and downloaded onto vehicles at any time after purchase. These functionalities, such as entertainment applications, driver assistance systems, self-driving capabilities, and others, are constantly being improved and updated.

Maintaining this kind of flexible software structure requires vehicle manufacturers to implement periodic update procedures. However, since these updates essentially alter the vehicle’s software and carry a fair amount of potential risks, it is crucial that they are implemented in the most secure way possible. This is where the UNECE Regulation 156 (UN R156) comes into play, establishing a much-needed framework for secure vehicle software updates.

UN R156 Requirements

UNECE Regulation 156 establishes the minimum cybersecurity and Software Update Management System (SUMS) requirements for vehicle manufacturers. According to the regulation, manufacturers must implement the SUMS and demonstrate that they have the necessary processes in place to comply with all secure software update requirements. The requirements can be divided into two main categories:

  1. Software Update Management System Requirements: These include securing communication channels for updates, validating software integrity, implementing access control mechanisms, and maintaining update logs for auditing purposes.
  2. Vehicle Type Requirements: Specific rules and standards that vehicles must meet to ensure secure software updates.

As vehicles become increasingly software-defined, the ability to update their software securely and efficiently is paramount as unsecured software updates can leave vehicles vulnerable to cyber threats, such as malware infections, data breaches, or even remote control of vehicle systems. These risks can compromise vehicle safety, privacy, and security, making it essential to implement robust cybersecurity measures for software updates.

Securing Updates for UN R156 compliance

UNECE Regulation 156 requires manufacturers to implement appropriate cybersecurity measures to mitigate potential risks from software updates. These measures include:

  • Implementing a software update management system
  • Securing communication channels for update processes
  • Validating software integrity to prevent tampering
  • Implementing access control mechanisms to protect against unauthorized access
  • Maintaining update logs for auditing purposes

AUTOCRYPT offers a suite of in-vehicle cybersecurity products and solutions that implement the necessary security processes in line with UN R156 requirements for secure software updates. Apart from cybersecurity implementation, we also offer UN R155/156 compliance consulting services. Visit our UNECE WP.29 Consulting page to learn more and download the WP.29 regulation checklist outlining the steps for UNECE regulation compliance.

As the automotive industry continues to embrace software-defined vehicles, UN R156 plays a crucial role in ensuring the safe and secure updating of vehicle software. By establishing baseline requirements for cybersecurity and software update management systems, this regulation helps protect vehicles, their occupants, and the broader transportation ecosystem from potential cyber threats. Compliance with UNECE Regulation 156 is a critical step towards building a safer and more secure future for the automotive industry.

12 April, 2024 . 4 mins read

Cybersecurity Management System for UNECE Regulation 155

The automotive industry is entering an important stage of cybersecurity implementation. In July of 2024, UNECE Regulation 155 (UN R155) about vehicle cybersecurity and Cybersecurity Management Systems (CSMS) is coming into full force. What does this mean for the larger automotive industry?

Vehicle manufacturers across the 64 WP.29 member countries will be required to adhere to regulatory compliance measures outlined in UNECE Regulation 155. Vehicles that do not comply with the regulations will not be eligible for registration starting July 2024. We can already see how the regulation is affecting the industry in the recent Porsche announcement. The company stated that they will be discontinuing the combustion-powered 718 Boxster convertible and the 718 Cayman models in certain countries, due to not meeting the cybersecurity standards outlined in UN R155 legislation.

UN R155 is a set of regulations developed by the United Nations Economic Commission for Europe (UNECE) pertaining to cybersecurity in vehicles. The regulation establishes cybersecurity requirements for the vehicle manufacturing process and vehicle type approval, aimed at enhancing the security of connected vehicles and increasing resilience against cyber threats.

Essential Approval Requirements

The essential UN R155 approval requirements for automotive cybersecurity, address standards and protocols for securing connected vehicles against cyber threats. However, UN R155 does not only focus on vehicle cybersecurity. The regulation oversees the entire vehicle manufacturing process, enforcing cybersecurity measures to be incorporated on an organizational level and throughout the vehicle’s entire lifecycle.

OEMs wishing to receive UN R155 approval must implement a cybersecurity management system that verifies secure operations throughout the vehicle development, production, and post-production phases.

Upon CSMS implementation OEMs must go through a CSMS assessment process, also known as a CSMS audit, that will be conducted by an appointed Approval Authority. During a CSMS audit, the Approval Authority assesses and verifies the manufacturer’s compliance with the requirements outlined in UN R155. If the assessment deems cybersecurity management system implementation successful, the OEM obtains the Certificate of Compliance for CSMS. The Certificate of Compliance is valid for three years and can be extended upon expiration.

Requirements for CSMS

The requirements for the Cybersecurity Management System are holistic in nature and call for vehicle manufacturers to follow cybersecurity-by-design principles. From a grander organizational perspective to granular vehicle attack vector assessments, the CSMS requirements seek appropriate cybersecurity measures that continuously monitor, detect, and respond to cyber threats across the vehicle development lifecycle According to UN R155, vehicle manufacturers should ensure that their Cybersecurity Management System complies with the following stipulations:

1. The vehicle manufacturer shall demonstrate that their CSMS applies to the vehicle development, production, and post-production stages.

2. The vehicle manufacturer shall demonstrate that the processes used within their CSMS to ensure security is adequately considered and implemented continuously. This requirement entails cybersecurity management processes, risk identification, assessment, and mitigation.

3. OEMs are expected to stay on top of new cyber threats and vulnerabilities, keeping their security measures current.

4. Vehicle manufacturers must be able to provide relevant data to support analysis of attempted or successful cyberattacks to their designated Approval Authority.

5. OEMs shall demonstrate that the processes used within their CSMS will ensure that cyber threats and vulnerabilities are addressed and mitigated within a reasonable time frame.

6. Vehicle manufacturers must be able to demonstrate how their CSMS will manage dependencies that may exist with suppliers, service providers, or manufacturer’s sub-organizations. This means that OEMs are accountable for implementing and verifying cybersecurity practices along their supply chains.

Requirements beyond the CSMS

Meeting cybersecurity management system requirements and obtaining the CSMS Certificate of Compliance is the first step of the regulatory compliance process. UN Regulation 155 also includes an array of cybersecurity requirements for vehicle type approval. The type approval process focuses on the effectiveness of the security measures implemented in the actual vehicle and its components.

Our latest ebook delves into the key vehicle components to focus on for UN R155 type approval and can offer insight into how different vehicle components require different types of cybersecurity measures. 

Download eBook

UNR155 download button

Automotive cybersecurity implementation cannot be done in a one-size-fits-all manner. Different OEMs will have different cybersecurity and testing needs based on their organizational structures, vehicle manufacturing processes, and supply chains. With industry-leading expertise accumulated through years of experience in cybersecurity implementation, AUTOCRYPT offers professional consulting services for automotive OEMs and suppliers in establishing the CSMS.

To learn more about our CSMS Consulting Services and cybersecurity regulation compliance, contact global@autocrypt.io.