Category: Blog

10 October, 2023 . 6 mins read

Exploring the Future of Mobility: What is a Software-Defined Vehicle?

In recent years, the automotive industry has been abuzz with the term “software-defined vehicle” (SDV). With an increasing number of original equipment manufacturers (OEMs) claiming to be at the forefront of SDV development, it’s essential to understand what truly makes a vehicle software-defined. In this blog post, we will delve into the concept of SDVs, their current state of development, and the industry trajectory for the future. 

The Ultimate SDV: What Does It Entail? 

Before we dive into the ultimate vision for SDVs, it’s crucial to recognize that modern vehicles already incorporate various software-defined features like in-vehicle infotainment, driver assistance systems, and cellular connectivity technologies. These features are adding advanced capabilities to our vehicles, digitizing the way we interact with our cars and improving the driving experience. However, they do not represent the final destination of SDV technology. 

The ultimate SDV is a vehicle that has undergone a profound transformation in its design and functionality. It is not just about adding software-enabled features, it’s about making software the central nervous system of the vehicle.  

An SDV’s value lies primarily in the software that enables advanced capabilities like cloud connectivity and autonomous driving. And while the hardware is still important, software will be the differentiating factor in new generation SDVs. Software maintenance and upgrading will be the most economical, convenient, and efficient way for future OEMs to provide a differentiated product and improve customer satisfaction. OEMs are spending countless resources on R&D to make this possible. 

The ultimate software-defined vehicle is a supercomputer vehicle that supports increased flexibility, customization, and remote upgradeability of functionalities.  

A crucial element that enables this level of flexibility in SDVs is cloud connectivity which powers over-the-air (OTA) software downloads and updates. Vehicle-cloud connectivity has the potential to significantly cut back costs for new software rollouts, as new functionalities can be introduced over-the-air without the need to alter underlying hardware.  

Besides development cost savings, OTA software implementation can create monetary value in the face of software subscription models for OEMs. We have already seen this phenomenon rise in the industry with the likes of Tesla offering subscription-based functionalities, like full self-driving, to its customers. 

The goal of the industry is to reach a point where vehicle software and hardware development can be done independently from each other. This will require the entire industry to embrace innovation and shift away from the traditional vehicle manufacturing process. 

Necessary Technology for SDVs 

Emphasizing the role of software in a vehicle will require separating vehicle software from its hardware. Achieving complete software and hardware decoupling requires a fundamental shift in vehicle architecture and supply chain operations.  

Traditionally, Tier 2 electronic control unit (ECU) manufacturers embed software within the hardware. This limits OEMs from implementing software changes down the road. The decoupling of software from hardware would allow the vehicle software to operate independently, similar to a smartphone. Applications can be downloaded from the app store and updated OTA. 

In addition, complete software-hardware decoupling has the potential to significantly accelerate software development times. This enables scaled and continuous software improvement across a vehicle’s serviceable life, all while incurring lower development costs.  

Reaching decoupling will take a complete reshuffling of the current distributed electrical/electronic (E/E) vehicle architecture into a centralized system defined by a central computing unit. This cardinal change is needed due to the fact that a distributed vehicle architecture cannot keep up with the increasingly higher computing power needed for SDVs. On the other hand, if a car has 100 ECUs, all of these ECUs would have different embedded software that could be based on completely different platforms. This makes software implementation very difficult, if not impossible.  

Centralizing vehicle electronics simplifies management and allows for more efficient software integration. The development of a centralized architecture would allow OEMs to implement software updates directly to the central processing unit, which is exponentially more time and cost-efficient. It will also encourage OEMs to utilize standardized or open-source software platforms for SDVs. This shift will allow for higher system integration within the vehicle and functions like high-speed connectivity to the cloud, other vehicles, and smart infrastructure. 

Moreover, open-source software is gaining traction in the automotive sector. Open-source software platforms provide a collaborative environment for developers to contribute to SDV technology, accelerating innovation. 

Current State and Future Trajectory 

The entire automotive industry is currently in the midst of the transformation towards software-defined vehicles. Normally, Tier 2 component suppliers, who are in charge of embedding software within their chips, do not have direct contact with OEMs and have to go through Tier 1 suppliers. However, nowadays we are witnessing a seismic shift in supply chain operations signified by a demand for software suppliers. Tier 2 and pure-play software developers are gaining a stronger position within the supply chain, indicating a shift towards prioritizing software expertise. As the automotive industry is going through a technological shakeout, the supply chain is also turning more horizontal, allowing for less restricted relations between supply chain participants. 

Furthermore, there is a rising trend of industry collaboration as automakers realize the complexity and scale of SDV development. We have seen some of the largest traditional OEMs welcome partnerships with technological companies. Stark examples are partnerships between Qualcomm and Mercedes-Benz, BMW and Amazon, BYD and Baidu, where automakers are turning to tech companies to spearhead SDV development.  

Cross-industry partnership is showing that the automotive sector is ready to stir away from tradition in the name of innovation.  

Regulations and Standards 

As the SDV landscape evolves faster than ever, regulations and standards play a crucial role in ensuring vehicle safety and security. The United Nations UNECE WP.29 set out two regulations for vehicle type approval. UN R155 addresses vehicle type approval with a focus on cybersecurity and cybersecurity management systems, and UN R156 mandates secure software updates and implementation of software update management systems. 

These regulations enforce software-defined vehicle development that is secure by design. UN R155 mandates that cybersecurity principles are implemented at the core of business processes, vehicle architecture design, risk assessment, and security control implementation. This means that cybersecurity regulations are implemented throughout the entire supply chain.  

While these regulations are legally binding for the countries that have signed the agreement, ISO/SAE 21434 serves as an international standard for road vehicle cybersecurity engineering. Companies may choose to adhere to this standard voluntarily. 

Enabling SDVs is more than just creating advanced software for vehicles. SDVs must be designed with cybersecurity as a core element. Regulations and standards ensure safe and standardized SDV development.  

The concept of software-defined vehicles represents a transformative shift in the automotive industry. The ultimate SDV envisions complete software and hardware decoupling, cloud-based software, and a smart, connected driving experience. With the industry’s current trajectory towards SDV development, coupled with evolving regulations, we are witnessing the dawn of a new era in mobility where software takes the driver’s seat. 

AUTOCRYPT secures the rapidly evolving mobility space with in-vehicle cybersecurity solutions developed according to WP29 and ISO standards. Backed by decades of expertise in automotive cybersecurity we ensure a safe transition to software-defined vehicles.  

To learn more about our services and solutions contact global@autocrypt.io

14 September, 2023 . 6 mins read

Risk Assessment for UN R155: A Closer Look at Vehicle Fuzzing

Have you ever wondered how vehicle manufacturers secure vehicles from cyber threats? The cybersecurity implementation process starts way before the vehicle hits the road and encounters any threats. During the manufacturing process, security experts hack the vehicle’s system to uncover any bugs and vulnerabilities that may be present in the embedded code. There are many different ways of doing that. One of them is called fuzzing. Fuzzing is a software risk assessment method that involves overflowing the system with random inputs to uncover bugs and vulnerabilities that are difficult to find through other testing methods. Fuzzing is done to test the vehicle’s software during the development process to make sure that the software is reliable and can be released to consumers.

Why do we need vehicle fuzzing?

In the automotive industry, original equipment manufacturers (OEMs) face regulatory obligations to address vehicle security risks. Compliance with UNECE WP.29 Regulation No. 155 (UN R155) requires vehicle manufacturers to implement an automotive cybersecurity management system (CSMS) to verify appropriate security measures in vehicle architecture. Here, the security measures signify comprehensive risk assessment, risk management, and mitigation procedures.

During the type approval process, manufacturers must verify the sufficiency of cybersecurity measures by demonstrating their risk identification and testing practices. Here is where fuzzing comes in.

Fuzzing is a technique for detecting software vulnerabilities by inputting intentionally invalid and unexpected data into the selected program with the intention to crash it. Doing this helps detect bugs and vulnerabilities in the software that may have not been found otherwise. Vehicle fuzzing can be viewed as an essential and comprehensive way to test if the system functions correctly, thereby verifying the sufficiency of security measures.

Functional testing and penetration testing, among others, can also be used to verify the sufficiency of cybersecurity measures for UN R155 approval. According to the regulation, OEMs not only have to disclose the results of these tests but also keep testing procedures up to date.

Who is responsible for fuzzing?

Even though vehicle manufacturers are responsible for the regulatory type approval, cybersecurity regulations are aimed at the entire automotive industry. So, fuzzing does not have to be done exclusively by the vehicle manufacturer. Tier 1 suppliers and software providers are often asked to provide fuzzing results for their software as well. Moreover, third-party white hat hackers conduct fuzzing along with penetration testing on vehicles and report any newly found vulnerabilities to the manufacturers to receive a bounty. This type of third-party fuzzing is becoming a common practice in the industry, allowing for a wider pool of cybersecurity experts to participate in strengthening vehicle cybersecurity.

Types of vehicle fuzzing

In fact, members of the AUTOCRYPT Red Team have won a major OEM’s bounty for discovering several vehicle vulnerabilities after independently conducting fuzz tests. This type of independent fuzz testing is called a black box test. In other words, a black box fuzz test defines a test where testers have no knowledge of the internal structure of the software, and perform tests by using only publicly available information. Led by award-winning ethical hacker Dr. Jonghyuk Song, AUTOCRYPT Red Team is known for its innovative approaches in black box fuzzing on CAN and IP protocols.

Other types of fuzz tests include gray box and white box fuzzing. During the gray box fuzz test hackers have no knowledge of the internal structure of the software, but some non-publicly available information is shared with them in advance. Gray box testing is one of the most commonly practiced fuzz tests in the industry. White box fuzzing is the most open type, where ethical hackers have access to the complete internal structure of the software.

The difference in the amount of information in each of the fuzzing types affects how the fuzzing test will be performed.

Performing vehicle fuzzing

The first step in the vehicle fuzzing process would be to choose the testing target device. Fuzzing is aimed at testing the software operations of a specific device in a vehicle and modern-day software-defined vehicles have no shortage of devices that need to be tested for potential bugs and vulnerabilities.

The next step is test case generation, which is when the intentional software overflow happens. The fuzzer generates random invalid inputs in the target device code to detect abnormalities. The intentional software “attack” happens during the test case delivery stage.

If the test is successful and the fuzzer detects an abnormality, the tool ceases operation. This happens because software overflow induces a system crash. Detected bugs are then reported and fuzzing has to be restarted to continue testing. The crash and restart process can make vehicle fuzzing a rather time-consuming endeavor. However, more advanced fuzzing solutions can automate operations to significantly reduce testing time.

For instance, AutoCrypt Security Fuzzer records the behaviors from the fuzzing target after a successful round of testing and automatically moves back to the second stage of test case generation. The results of the preceding tests are used to generate semi-random inputs using machine learning-based algorithms, greatly reducing fuzzing time while increasing the likelihood of bug detection. On top of that, if the Security Fuzzer causes a crash, it reproduces the same series of inputs based on the delivery history. Reproducing the test case allows for the replication of the test scenario, helping developers pinpoint the problems in the software. This algorithm-based smart fuzzing process allows for more precise and time-efficient testing.

Fuzzing is unique to its counterparts in that it can help uncover vulnerabilities that were previously unknown and help protect vehicle systems from zero-day attacks. Its special ability to detect unprecedented software issues makes it essential for vulnerability testing and risk assessment for UN R155. While complex and time-consuming, a fuzz test can be viewed as a health check-up that gives you an insight into how the systems are performing when there are no apparent symptoms present. When paired with other cybersecurity measures like penetration testing, a fuzz test can generate a holistic picture of in-vehicle systems operations and cybersecurity measure robustness.

To learn more about AUTOCRYPT’s vehicle cybersecurity testing measures and cybersecurity regulation compliance consulting services, contact global@autocrypt.io.

9 August, 2023 . 7 mins read

From Seoul to London: How Cities Customize Public Transport Payment

Public transportation is a cornerstone of modern urban living, offering convenience, efficiency, and sustainability for commuters worldwide. As cities continue to expand and mobility becomes more critical than ever, public transport payment methods have evolved significantly, incorporating more user-friendly features. From contactless smart cards to integrated mobile apps, we will explore how cities have revolutionized public transport payment to cater to the diverse needs of their residents and visitors.

Seoul, South Korea – Seamless commuting experience

Seoul, the dynamic capital of South Korea, is renowned for its high-tech public transportation system that bridges its vast urban landscape. The public transport system in Seoul is closely interconnected. Many of the subway and bus routes cross the city border, seamlessly linking Seoul to its surrounding suburban regions. Over a million people commute to Seoul from nearby regions like Incheon and Gyeonggi Province on a daily basis. These commutes often entail multiple transfers between subway lines or from subway to buses. To accommodate such an interconnected system, a common payment method that allows for convenient cross-city travel and smooth transfers is a must for a city like Seoul.

To ensure a seamless travel experience for passengers Seoul’s public transport authorities have incorporated a contactless payment system. Diversification of payment options creates additional convenience for users. In Seoul, you can use regular contactless-enabled bank cards, rechargeable T-money public transport cards, and single-use tickets to pay for your rides. The contactless payment system also supports alternative digital payments like the T-money mobile app and Samsung Pay.

Using a personal credit card for public transport is reserved for locals who can get a public transport payment-enabled card at Korean banks. T-money cards, on the other hand, are available to everyone. The T-money card functions as a rechargeable card that passengers can easily top up at various locations, such as through the mobile app, at subway stations, and convenience stores. Beyond its use in public transportation, the T-money card extends its service to payments at vending machines and convenience stores.

One of the key strengths of Seoul’s contactless payment system lies in its seamless integration across various modes of transportation. Whether taking the subway, hopping on a bus, renting a bike, or catching a taxi, commuters can utilize the same card for all their travel needs. The payment system also accounts for multi-modal commutes, offering discounts for transfers completed within 30 minutes from the previous ride. This integration minimizes the hassle of juggling multiple payment methods and encourages the use of public transport for travel in and outside of the city. The same contactless payment methods can also be used nationwide, making public transport payment universally convenient across South Korea.

Seoul public transport payment

London, United Kingdom – Convenience for locals and tourists

As one of the world’s largest cities, London boasts an extensive and intricate public transport network comprised of the underground, iconic two-decker buses, and railways. On top of having a multi-million population, the city welcomes millions of tourists from all over the world every year. London’s public transport system helps all of these people navigate the city on a daily basis.  

London’s public transport payment system is renowned for its flexibility. The system operates on a contactless basis on virtually all public transit in London, including buses, underground, overground, Docklands Light Railway (DLR), and most national rail services in the city. Users can pay for their rides with whatever payment method is the most convenient for them.

Passengers can use contactless credit or debit cards, as well as mobile payment options like Apple Pay, Samsung Pay, and Google Pay. London’s mass transit system also offers its own contactless Oyster card that is used as a rechargeable smart card. Users can top up their cards with credit to travel across the city effortlessly. To cater to tourists, the city offers Visitor Oyster cards that offer discounts on London’s popular attractions. The British capital’s public transport payment system’s flexibility caters to the needs of both residents and international travelers, offering users a wide variety of payment options to choose from.

One notable feature of London’s transport payment system is fare capping. The amount passengers pay for their daily or weekly travels is capped at a predetermined limit, equivalent to the cost of a pre-paid day/week travel card. Fare capping ensures that commuters never pay more than necessary, providing financial relief for regular commuters.

London is one of the most expensive cities in the world. For a city like this, public transport payment capping helps ease the financial burden of everyday commuting. Fare capping also makes public transport a more attractive alternative to other means of transportation like cabs and private cars, which helps ease traffic congestion in a city known for its narrow alleyways.

London public transport payment

Munich, Germany – Bridging analog and digital

Munich, a city renowned for its rich history and cultural heritage, has an efficient and reliable public transportation system operating a wide-reaching metro, trams, and buses. Payment for Munich’s public transport is done with an MVV (Münchner Verkehrs- und Tarifverbund (Munich Transport and Tariff Association))ticket, a rather traditional payment method compared to more high-tech contactless options.

The MVV ticket is a paper or electronic ticket that provides access to Munich’s extensive public transport network, including the U-Bahn (subway), S-Bahn (commuter trains), trams, and buses. Travelers can choose from various ticket options, such as single-ride tickets, stripe tickets for multiple rides, day passes, tourist cards, and weekly or monthly travel cards.

Munich’s public transport system is organized into multiple zones, and the MVV ticket fares differ across these zones. Due to the difference in fares, ticket prices are calculated according to the passenger’s journey. Multi-use tickets, like monthly and weekly pre-paid cards, also take zonal travel into account offering different ticket prices for different zones. Prior to boarding public transport passengers have to validate their tickets by stamping them in at stamping machines as there are no turnstiles on the subways performing automatic validation.

Because of Munich’s unique public transport structure, the payment system can seem rather analog. Passengers have to purchase new tickets quite frequently, which can be cumbersome. To make public transport payment more convenient for the users the city rolled out alternative ways to purchase tickets digitally. Munich has embraced mobile ticketing applications, like The MVV app, which allow travelers to purchase tickets on their phones. Some tickets can also be purchased on the MVV website. This kind of digitization implements more user-friendly practices in public transit payment while catering to the existing system’s operations.  

Munich public transport payment

Seoul, London, and Munich, each of these cities are unique in their public transit system operations and user demographics. Each city’s public transit authorities have successfully devised distinct payment systems that work best for them. These diverse approaches showcase how cities worldwide are leveraging technology to enhance the commuter experience. Making public transport more user-friendly is an important step in promoting sustainable transportation and reducing reliance on private vehicles.

As urbanization continues to shape the world, the lessons learned from Seoul, London, and Munich’s public transport payment systems offer valuable insights for other cities striving to create customized and user-friendly mobility solutions.

AUTOCRYPT utilizes its experience in secure fleet management and big data analytics to develop bespoke mobility platforms catering to clients’ needs. By embracing cutting-edge technologies and customer-centric approaches, AUTOCRYPT creates mobility platforms that customers want to use. Learn more about AutoCrypt® MOVE.

11 July, 2023 . 5 mins read

In-Vehicle Cybersecurity: A Closer Look at HSM and TEE

It has long been established that cybersecurity is essential to vehicle operations and needs to be implemented universally. However, it is important to note that automotive cybersecurity does not follow a one-size-fits-all approach. Different types of cybersecurity measures have their pros and cons and are more effective for certain types of vehicle architectures rather than others. While there are different types of vehicle cybersecurity measures available on the market today, this blog will discuss hardware security modules (HSM) and trusted execution environments (TEE), offering a closer look at two of the most robust vehicle cybersecurity solutions.

Why do we need in-vehicle security?

Modern vehicles have complex internal computing systems that enable superior functions like advanced driver-assistance systems (ADAS), vehicle-to-everything (V2X) communications, as well as network and cloud connectivity. These internal computing systems interact with each other and the external network, exchanging large amounts of data and signals. If these communication nodes lack appropriate security measures it leaves the vehicle vulnerable to cyber risk.

Wi-Fi, navigation systems, V2X communications, all of these network connection endpoints can be potential routes for cyber attacks. Hackers could breach into a vehicle’s internal system to steal private data like vehicle location, registration number, and even financial information. There is also the risk of hackers breaking into the vehicle systems to gain control of its functions. We saw this happen when two researchers hacked into a car through its cellular connection. After establishing a wireless access to the car, the hackers gained control of the vehicle’s dashboard, infotainment system, and even the engine.

This experiment revealed many vulnerabilities in vehicle internal systems security. It also solidified the importance of a layered approach to vehicle cybersecurity, where both the internal vehicle environment and the external communications are secured.

What is HSM?

One of the most robust cybersecurity solutions in the automotive industry is a Hardware Security Module (HSM). HSM is an external physical security unit that is installed into electronic control units (ECU). It safeguards vehicle communications and functional control systems with message cryptography. Typically, an HSM will include its own processor, cryptographic technologies, and dedicated memory for the hardware security firmware and secure data. Having its own processor, the HSM operates separately from the ECU, bearing the computational load of security functions.

The security module’s main job is to safeguard sensitive vehicle data during message exchanges. It does this by storing cryptographic keys, performing cryptographic operations, and verifying digital signatures to conduct authenticity checks for messages passing through the vehicle. This makes sure that data coming from outside of the vehicle is verified, and data leaving the vehicle is safely encrypted.

HSMs have been the industry standard in vehicle cybersecurity for their ability to safeguard valuable information from tampering. However, there is a problem of scalability with this particular cybersecurity measure. HSM is a security unit that has to be physically installed into ECUs within the vehicle. So, installing HSMs in cars with complex internal architectures and an abundance of ECUs may become costly.

There is also the issue of flexibility. Many modern luxury vehicles support over-the-air (OTA) systems like software downloads and updates. These OTA systems enable the installation of new functionalities into a vehicle without having to alter its hardware composition.

In a rapidly developing automotive industry, cybersecurity software needs to be able to adapt to vehicle software changes. This will be hard to achieve for a car secured only with hardware security modules. The hardware-software segregation in advanced vehicle architectures requires a more flexible approach to cybersecurity that ensures cybersecurity measures evolve hand-in-hand with vehicle software developments.

What is TEE?

A cybersecurity solution that works more effectively in centralized vehicle architectures with ever-evolving software structures is a Trusted Execution Environment (TEE). TEE is a software-based security measure that creates a secure and isolated environment within the application processor, separating critical operations from the rest of the system.

Critical operations and sensitive data can be executed and stored within the trusted execution environment, shielded from potential cyber threats. Similar to HSMs, TEEs have protected crypto libraries where sensitive information, such as cryptographic keys, can be securely stored and managed. They also provide secure communication channels between trusted components, ensuring that data transmitted within the secured area remains confidential and protected from the rest of the vehicle. This helps prevent unauthorized access or tampering.

For instance, the AutoCrypt IVS-TEE security solution offers OTA systems security with encryption and authentication technologies, making sure that only validated software is received and installed during OTA system updates. This is done to ensure that the software comes from an OEM and not a malicious actor.

While TEE and HSM offer similar cybersecurity measures they are very different in terms of implementation and execution. TEEs are built into the application processor’s chipset and can be implemented through software updates, making them more flexible and adaptable to changing security requirements. Leveraging a vehicle’s existing hardware resources, TEEs eliminate the need for additional security components, potentially reducing costs.

Establishing a TEE is a cybersecurity-by-design approach that ensures that there is a secure environment to run critical operations in every application processor.

Comparison of HSM and TEE structure

As vehicles become increasingly connected and autonomous, the importance of robust automotive cybersecurity methods cannot be overstated. HSM and TEE both play crucial roles in securing vehicles against cyber threats. HSMs excel in cryptographic operations and secure key storage, while TEEs create isolated execution environments within the main processor. By combining these methods, automotive manufacturers can maximize protection from external cyber threats and enhance the security of their vehicles.

AUTOCRYPT’s in-vehicle cybersecurity solutions provide complete protection for the vehicle-embedded systems minimizing cybersecurity risks.

To stay informed about the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.

14 June, 2023 . 7 mins read

The V2X Deployment Roadmap in Europe: Progress, Challenges, and What to Expect by 2024

Vehicle-to-everything (V2X) technology is widely regarded by industry experts as a promising solution to improve road safety and achieve full autonomous driving in the long run. However, to establish a functional and interoperable V2X ecosystem, all stakeholders must be on the same page. This article dives into the current V2X deployment progress in Europe and what to expect in the near future.

Europe is often seen as an optimal testbed for V2X technology and Cooperative Intelligent Transport Systems (C-ITS), not only because the continent has some of the world’s most developed and well-maintained road networks, but also because it is home to dozens of road transport operators and has the highest concentration of global automotive OEMs.

As a promising strategy for achieving Vision Zero, V2X deployment has been on the agenda in Europe since the early 2010s. To facilitate the rollout of C-ITS, European Member States and road infrastructure operators joined forces to establish the C-Road Platform, a joint initiative to establish an integrated and interoperable C-ITS network that spans across European borders.

In the private sector, many automotive OEMs have been integrating V2X onboard units (OBU) into their new vehicles. As one of the early adopters, Volkswagen has equipped V2X OBUs in its entire ID. electric vehicle lineup. BMW recently announced plans to deploy V2X technology in its vehicles for vehicle-to-grid (V2G) bidirectional charging. Mercedes-Benz also has plans to deploy V2X, but has been so far promoting its cloud service as a medium to provide real-time vehicle-to-vehicle (V2V) warnings.

However, despite all these efforts, we haven’t yet seen any large-scale V2X use cases on the continent. This raises many questions. How developed is V2X technology? Where is Europe on the V2X deployment roadmap? What are some of the challenges the industry is facing? What can we expect years down the road?

Is V2X technology ready for commercial use?

This would have been tough to answer in the past few years. But as of 2023, V2X technology is fully ready for implementation and commercial use. The reliability and safety of the technology have been repeatedly validated at cross-industry interoperability tests, with AUTOCRYPT being a major contributor to message security. A lot of roadside equipment is now V2X capable. And many OEMs have equipped their vehicles with V2X OBUs.

Where is Europe on the V2X deployment roadmap?

Europe is now entering an early stage of commercial V2X deployment. Still, to operate V2X services on a large-scale, more OBUs and RSUs need to be deployed. This can take up to a decade because consumers will keep their older cars for many years before upgrading. Time is also needed for road operators to install RSUs into their roadside equipment.

At this stage, is V2X deployment only a matter of time? The reality is more complicated. There remain a few challenges that are preventing OEMs and road operators from rolling out V2X at full speed.

What challenges does the industry face?

1. The divide between DSRC and C-V2X: into the hybrid era

The biggest challenge that has been slowing down V2X deployment was a lack of agreement among industry players on the communication protocol. The debate between the WLAN-based DSRC (dedicated short-range communications) and the LTE and 5G-based C-V2X (cellular V2X) has significantly slowed down the implementation of V2X. Each industry player has their own stance and preference, leading to an ongoing rivalry between the two technologies.

As of 2023, North America and China have mostly agreed on using C-V2X as the de facto V2X communication protocol, phasing out DSRC. However, Europe remains largely divided. Whereas Volkswagen uses DSRC for its vehicles, BMW and Daimler have both been in favour of C-V2X.

Fortunately, this divide is becoming less of an obstacle. Seeing that the European industry isn’t likely to reach a consensus anytime soon, V2X hardware providers, software suppliers, and cybersecurity providers like AUTOCRYPT have developed solutions compatible with both protocols so that industry players can continue V2X deployment without having to worry about compatibility.

Nevertheless, since DSRC and C-V2X are not meant to be interoperable at the fundamental access layer, more sophisticated hardware and additional development efforts are needed for dual compatibility. As such, although this hybrid approach can help the industry overcome its immediate interoperability issues, it is by no means an optimal solution in the long run. Many experts predict that one of the two protocols will eventually die off, ending the hybrid era.

2. A lack of incentives

Another obstacle that has been slowing down V2X deployment is the lack of incentives. In most conventional markets, the first mover often gains a competitive advantage because clients and consumers tend to associate the new idea or technology with the brand, just like how Tesla is strongly associated with electric vehicles and Uber with ride-hailing platforms. However, this kind of first-mover advantage is not present in the V2X market, because the full benefit of V2X can only be realized after multiple OEMs and road operators deploy them. Although Volkswagen equipped V2X into the ID. lineup, consumers haven’t been able to experience any significant benefits and thus no association is formed between V2X and the ID. brand.

Under such circumstances, governments and regulators must incentivize early adopters to accelerate V2X deployment. As of now, the idea of regulating V2X is still in debate. But with the joint effort of governments and several industry associations, more and more incentives are beginning to surface.

For instance, Europe’s new car assessment program, Euro NCAP, announced in its 2025 Roadmap that beginning in 2024, all new cars must be equipped with V2X connectivity to receive a five-star safety rating. This move will serve as an effective incentive for OEMs to deploy V2X in their vehicles on a large scale. The Euro NCAP further explained in the report that it chose this timing because it expects all technical uncertainties to be resolved by 2024.

3. Demand uncertainty

Currently, the public has very limited knowledge about V2X technology and its potential. In fact, many have never heard of the technology. This leads to uncertainty in market demand, as it’s hard to gain a grasp of demand when consumers haven’t been informed about the supply.

This isn’t to say that there will be a lack of demand. The potential demand for V2X is immense, given that consumers have always had strong desires for safety and convenience, both of which V2X has a lot to offer. Therefore, the question is not whether there is enough demand, but whether consumers are educated enough to understand how V2X can fulfill these demands. In the end, industry players must not only invest in the technology itself, but also in promoting the benefits of the technology by establishing innovative services and attractive consumer offerings.

What can we expect in the future?

Overall, V2X technology is now nearing the end of its testing stage and ready for large-scale development. Most of the challenges and obstacles that have slowed down V2X deployment over the past few years are now resolved. With more and more incentives, we can expect to see a kickstart to full-scale V2X deployment beginning in 2024.

For a more detailed analysis of the current progress and future prospects of V2X, download the full white paper below:

v2x 2024 prospect white paper thumbnail
Download White Paper

As one of the top five V2X security providers in the world (recognized by Markets & Markets), AUTOCRYPT has always maintained a position ahead of the market in terms of technology and innovation. Not only does its V2X security module support both DSRC and C-V2X, but its Security Credential Management System (SCMS) is fully compatible with all three major standards in the world, including the US SCMS, EU CCMS, and Chinese C-SCMS. To prepare OEMs for full-scale deployment, it released its Integrated Management System (IMS) for SCMS, allowing OEMs to manage millions of vehicle certificates on a single dashboard.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

13 June, 2023 . 5 mins read

AI In Automotive Cybersecurity

The rise of artificial intelligence is signaling disruption in the technology industry. The likes of Microsoft, Google, and OpenAI are spearheading fierce competition to create the most advanced artificial intelligence aimed at improving the way we interact with technology. While intelligent language models like ChatGPT are already fascinating people with their abilities to deliver answers to given prompts, AI technologies currently available to the public are just the tip of the iceberg. In the automotive industry, artificial intelligence can streamline operations and improve efficiency throughout the supply chain. Utilization of artificial intelligence in the automotive cybersecurity sector can especially benefit threat detection and response.

The Need for Strengthened Vehicle Cybersecurity

Several decades ago vehicle security would entail door locks, car alarms, and airbags. While the same is still true, cybersecurity is becoming an essential part of automotive security. Ensuring full protection now includes shielding the vehicle from internal system malfunctions as well as external cyber threats. However, as cars turn more software-driven and connected, vehicle security is becoming increasingly complex.

A modern-day car contains multiple electronic control units (ECUs) responsible for in-vehicle electronic systems that regulate and perform various functions ranging from essential tasks like steering and engine control to more mundane ones like unlocking doors and rolling down windows. The number of ECUs in a given vehicle depends on the quantity and complexity of vehicle features. For instance, a contemporary luxury car can have up to 150 ECUs, and the number may continue growing if new functionalities and sub-systems are added. These ECUs communicate with different parts of the vehicle and other ECUs to keep the vehicle running. Each of these ECUs and their communication nodes must be secured to protect the vehicle from cyber threats.

Limitations of Conventional Automotive Cybersecurity

Keyless car theft, infotainment system attacks, malware, conventional automotive cybersecurity software is built to protect against these and many other known threats. Cybersecurity companies employ ethical hacking methods to ensure the timely discovery of system loopholes. In ethical hacking, white hat hackers are responsible for hacking vehicle systems to find weaknesses in the software and report it to the cybersecurity software developers, who then implement appropriate security measures.

The complex system architecture of modern vehicles contains dozens of ECUs and millions of code lines, all of which can be potentially exploited by malicious actors. Manually searching for vulnerabilities in these vehicles is like looking for a needle in a haystack. As vehicle systems get more complex securing them will become even harder. While ethical hacking helps companies develop resilient security measures against cyber attacks, this ad hoc approach to cybersecurity has its limitations.

The biggest challenge in automotive cybersecurity is protecting the vehicle from unprecedented danger, also known as a zero-day attack. These attacks exploit previously undiscovered vulnerabilities in vehicle systems to install malware or tamper with the vehicle. Protection against zero-day attacks necessitates a more sophisticated approach to automotive cybersecurity, which is where AI comes in.

The Potential of AI/ML-powered Cybersecurity

AI/ML-based systems analyze, classify, and train on large amounts of data to self-improve and make independent decisions down the road. When applied in automotive cybersecurity, machine learning algorithms can be implemented in the security software to learn common patterns of vehicle operations. A trained model will then be able to distinguish anomalies that fall beyond the scope of ordinary vehicle signals. If malicious behavior is detected the cybersecurity software will send alerts and shield the vehicle from danger. Even if a malicious actor exploits a previously unidentified vulnerability, an AI-powered anomaly detection model will be able to detect intrusions and prevent them.

A car’s digital communications are simple and more predictable than that of a typical computer network. Since signals exchanged during normal vehicle operations often follow fixed patterns, determining an anomalous signal is not very difficult. Therefore, employing unsupervised machine learning in cybersecurity is feasible. For instance, imagine a car driving on the highway at cruising speed that suddenly receives a breaking signal requesting to stop the car in the middle of the road. An AI-powered security software will be able to differentiate this unusual command from a common driving pattern. The system will then block the anomalous signal and send it over to the security experts for further action.

While perfecting a fully AI-based cybersecurity software may take years, some companies are already leveraging the power of machine learning in their solutions. One example is AutoCrypt Security Fuzzer, which is an automated testing solution that employs an AI-based algorithm to input semi-random test cases into selected systems to reveal errors in vehicle software. The solution essentially causes intentional crashes in the system to expose software vulnerabilities that need to be addressed. An AI-based security fuzzer greatly reduces testing time, streamlining the ad hoc approach to cybersecurity implementation.

Due to the self-improving nature of artificial intelligence, the potential of AI in automotive cybersecurity is limitless. The speed of developments in the automotive sector requires cybersecurity measures that are just as agile. Leveraging artificial intelligence in vehicle cybersecurity will help address the risks of zero-day attacks and mitigate threats in a timely and efficient manner.

To stay informed and updated on the latest news about AUTOCRYPT and automotive cybersecurity, subscribe to AUTOCRYPT’s official newsletter.