Category: Blog

19 January, 2023 . 7 mins read

All You Need to Know About V2X PKI Certificates: Butterfly Key Expansion and Implicit Certificates

AutoCrypt SCMS now supports Butterfly Key Expansion for both implicit and explicit certificates of the V2X PKI ecosystem. This article explains why Butterfly Key Expansion is necessary for the SCMS and why implicit certificates might be a useful alternative to conventional certificates.

Vehicle-to-everything (V2X) communication allows vehicles to communicate with other vehicles and road entities for safety warnings, traffic coordination, and eventually vehicle-infrastructure cooperated autonomous driving (VICAD). Given that these V2X messages are critical to road safety, a vehicular public key infrastructure (PKI) known as the Security Credential Management System (SCMS) has been adopted worldwide to protect the integrity of V2X messages and the privacy of road users. V2X PKI certificates, or SCMS certificates, are therefore a crucial enabler of secure V2X communications.

What Is Unique About V2X PKI Certificates?

What makes V2X PKI certificates unique? The most significant difference between IT and V2X authentication is that IT authentication is centralized and hierarchical. Users use their digital signature to reveal their identity to the server, after which the server verifies the identity and grants the user access. There is apparently no need for users to prove their identity to other users. On the other hand, V2X authentication is decentralized, where users (vehicles) need to verify each other’s identity without revealing it. Sounds contradictory? This is made possible by using pseudonym certificates.

In the SCMS, pseudonym certificates are issued by authorization certification authorities (CA) to every road user (vehicle). As suggested by its name, these certificates are pseudonymous and thus do not contain the vehicle’s identity, but instead contain proof that the vehicle’s identity had been verified by the CA and that it is a legitimate entity.

Furthermore, to prevent a stalker from spying on the same pseudonym certificate over an extended period to trace its travel routes and behaviours, pseudonym certificates have very short validity periods. For an average private vehicle, up to 20 pseudonym certificates are issued weekly, rotating every few hours to prevent tracing. These numbers can vary depending on local regulations and the importance of the passenger. For instance, the vehicle for a head of state might require non-rotating, one-time pseudonym certificates issued every five minutes.

What Is Butterfly Key Expansion?

Every time a vehicle requests a pseudonym certificate, the responsible CA needs to sign a new certificate and return it to the vehicle. Given that a typical vehicle needs up to 20 certificates per week, the CA needs to sign over a thousand certificates to a single vehicle over a year. This is a scale never seen before in the IT or financial industry. As more and more vehicles join the V2X environment, it can soon become difficult for CAs to cope with the growing number of requests.

With advancements in cryptographic construction technology, a novel approach known as Butterfly Key Expansion now overcomes this disadvantage. Butterfly Keys allow a vehicle to request an arbitrary number of certificates all at once; each certificate with a different signing key and each encrypted with a different encryption key. A request using Butterfly Key Expansion contains only one signing public key seed, one encryption public key seed, and two expansion functions that enable expansion. Therefore, Butterfly Keys are very useful for requesting pseudonym certificates as they can drastically decrease the number of requests needed.

Note that Butterfly Keys are not needed for issuing application certificates* to roadside units (RSU). Since privacy is not a concern to roadside infrastructures, application certificates are issued once at a time and have very long validity periods, meaning that application CAs are fully capable of dealing with the volume of requests.

(*Pseudonym certificates are used by vehicles for self-identification in V2V communications, whereas application certificates are used by roadside infrastructures for self-identification in V2I applications.)

Explicit vs. Implicit Certificates

Pseudonym certificates can be constructed in two different forms: conventional (explicit) certificates and implicit certificates. Conventional certificates consist of three distinct pieces of data: 1) a public key, 2) the digital signature of the CA, binding the public key to the vehicle’s identification data, and 3) the vehicle’s identification data. During V2V message transmission, the sender signs the certificate with the private key, after which the receiver uses the public key in the certificate to verify and view the message. In this process, the sender’s identity is “explicitly verified” because by opening the message, the receiver knows that the sender is the only entity holding the private key. As such, these certificates are also known as explicit certificates.

However, a disadvantage of explicit certificates is that, since they contain three distinct pieces of data, their size can range between 2,000 bits to 30,000 bits, depending on the level of security needed. Such a size isn’t a concern in and of itself. But in the V2X environment, where traffic volume is high and transmission speeds are pivotal, smaller sizes can be more advantageous.

To enable speedier message transmission and more efficient certificate issuance, a new form of V2X PKI certificate is gaining popularity. Known as implicit certificates, or Elliptic Curve Qu-Vanstone (ECQV), these certificates contain the same three pieces of data as explicit certificates do, but do not carry them as three distinct elements. Instead, the public key and the digital signature are superimposed, leaving a single reconstruction value that is similar in size as the public key. The receiver of the message uses this reconstruction value to reconstruct the public key and verify the message. The way in which the public key and the digital signature are superimposed means that by verifying the public key, the digital signature and the legitimacy of the sender get “implicitly verified”.

Since implicit certificates contain a single reconstruction value, they are much lighter and thus require much less bandwidth to transmit. The typical size of an implicit certificate is only 200 to 500 bits, which is ideal for the SCMS, where a large volume of certificates needs to be transmitted within a constrained timeframe.

The concept of implicit certificates is developed and patented by Blackberry Certicom. Nevertheless, CAs are free to issue implicit certificates for applications in the SCMS in accordance with IEEE 1609.2.

V2X PKI Regional Requirements and Preferences

As mentioned earlier, Butterfly Key Expansion is only beneficial for issuing pseudonym certificates and is not used for generating application certificates. The same is true for implicit certificates. The lightweight advantage of implicit certificates is best seen when applied to pseudonym certificates, but less significant when applied to application certificates. Given that the mechanism behind implicit certificates is more complex, some parts of the world prefer to stay with explicit certificates.

As a result, a mix of different mechanisms is used in the real world. In fact, different transport authorities have established different requirements for the certificates used in their SCMS. In North America, implicit certificates have become the standard for all V2X PKI certificates, whereas, in China, explicit certificates are required. Europe has been establishing two different standards, one for explicit certificates and one for implicit certificates.

In general, V2X PKI certificates can be constructed using four different combinations.

AutoCrypt SCMS Ready to Support All Certificate Types

In late 2022, AUTOCRYPT completed its development on the issuance of both explicit and implicit certificates with Butterfly Key Expansion, gaining the full capability to issue and provision all types of V2X PKI certificates in the SCMS.

To learn more about AUTOCRYPT’s V2X security solutions and AutoCrypt SCMS, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s newsletter.

13 January, 2023 . 6 mins read

The State of Level 3 Autonomous Driving in 2023: Ready for the Mass Market?

Autonomous driving technology has come a long way. In recent years, the automotive tech industry has made significant enhancements to the capability and reliability of sensors, cameras, and vehicle-to-everything (V2X) communication, driving road transport toward higher levels on the autonomous driving spectrum, as defined by the SAE’s Levels of Driving Automation.

SAE J3016 levels of driving automation
Source: SAE International

This spectrum has become an internationally recognized classification for automated driving systems. Its six levels can be divided into two broad categories: driver support systems from L0 to L2 (shown in blue), and automated driving systems from L3 to L5 (shown in green). For the past several years, industry players have been working to make the jump from L2 to L3.

From Level 2 to Level 3 Autonomous Driving, a Legal Matter

Clearly, the leap from L2 to L3 is the most significant leap on the spectrum. Whereas L2 is considered as advanced driver support features, L3 marks the beginning of conditional autonomous driving, where drivers can legally take their eyes off the road when conditions are met. Strictly speaking, only vehicles classified as L3 and above are truly autonomous vehicles.

By today, most major automotive OEMs have mastered their technologies for L2 autonomy. As of the beginning of 2023, L2 driver support systems include Tesla’s Autopilot with “Full Self-Driving”, Audi’s Traffic Jam Assist, GM’s Super Cruise, BMW’s Extended Traffic Jam Assistant, Ford’s Blue Cruise, Hyundai’s autonomous driving package, and many more.

Now, a problem arises when OEMs seek to introduce vehicles with Level 3 autonomous driving. Looking at SAE’s autonomous driving spectrum again, the levels of autonomy are not defined by a vehicle’s self-driving capability, but instead by the expected roles of the vehicle and the human driver. For instance, under L2, the human driver must pay full attention to the road even when all driver support systems are on, whereas in L3, the human driver can officially take their eyes off the road when the automated driving systems are switched on.

Therefore, if an OEM wants to officially introduce an L3 vehicle, it must be liable for all potential accidents that occur while the vehicle’s L3 systems are switched on. That is, no matter how advanced and sophisticated the technology inside a vehicle might be, if the OEM is not ready to claim responsibility for accidents caused by its systems, the vehicle can only be classified as high as L2.

The truth is, although the technology for Level 3 autonomous driving might be ready, many OEMs are not yet prepared to officially claim L3 for legal reasons. This explains why Tesla uses the name “Full Self-Driving” to market its L2 driver support systems without mentioning L3 autonomy. Some OEMs use the term “L2+” to show that their technological capabilities have surpassed L2, yet do not claim L3. Hence, the gap between L2 and L3 is more of a legal gap than a technological gap.

Official Certifications Needed for L3 Autonomy

Since L3 is the first level on the SAE’s spectrum to allow drivers to take their eyes off the road, official certifications and approvals are needed before OEMs can claim a vehicle to be L3. These certifications are often issued by regional transport authorities and highway safety agencies.

In May 2022, Mercedes-Benz became the world’s first manufacturer to get approved by German transport authorities to legally operate its L3 Drive Pilot on the country’s public roads, sold as an option on Mercedes-Benz S Class and Mercedes EQS. This means that those with L3 Drive Pilot are legally allowed to eat, draft emails, or watch videos on the Autobahn. Still, given that L3 autonomy is conditional, if the vehicle loses the environmental or locational conditions to operate at L3, it will prompt the driver to take control within ten seconds. If the driver fails to respond in ten seconds, the car will automatically turn on emergency lights and decelerate to a full stop on the side of the road, then unlock the doors in case first responders might need access to the cabin.

At CES 2023, Mercedes-Benz further announced that it has become the first manufacturer to receive L3 certification in the United States, from the state of Nevada. However, since L3 approval is granted at a state level in the US, the system is only considered L3 in Nevada for now. Nonetheless, the OEM says its Drive Pilot is fully ready to deliver L3 autonomous driving in all 50 states.

Is Level 3 Autonomous Driving Coming to the Mass Market in 2023?

Mercedes is the first manufacturer to make the bold move to bring L3 autonomy to the consumer market. Although Honda Legend won the title for the world’s first approved L3 vehicle back in 2021, only 100 limited-edition vehicles were available for lease only in Japan. Honda’s L3 road map suggests it may take much longer to reach the mass market.

There is no doubt that more and more manufacturers will follow Mercedes’ move towards L3 autonomy. Major OEMs like Hyundai-Kia, Stellantis, BMW, GM, and Honda are continuously reporting progress and plans for L3 rollout. However, it is always easy for OEMs to announce plans and schedules but difficult to make the final decision to obtain L3 approval. Even Mercedes’ L3 Drive Pilot is available for the S Class only, and legally approved in very limited regions (Germany and Nevada). Apart from legal concerns, sensitive public reactions toward flaws in automated driving systems make OEMs more reluctant to introduce L3 vehicles on a large scale.

Hence, although the news is filled with press releases and announcements on launching L3 systems, it is unlikely to see L3 vehicles being available to the mass market within 2023. Nevertheless, following the path of Mercedes-Benz, more and more OEMs will likely launch L3 options for their high-end vehicles in limited regions within the year.

Addressing the Challenges Ahead

Achieving Level 3 autonomy is beyond a matter of technological capability, but a matter of confidence – the confidence that OEMs possess towards their automated driving systems. Before OEMs can gain full confidence in taking responsibility for their automated driving systems, several potential risks need to be addressed. One of them is cybersecurity risk.

Since automated driving features are run by software, these software-defined vehicles (SDV) must not be vulnerable to cyberattacks. If a threat actor were to gain access to a vehicle’s embedded systems and applications, they could gain the ability to tamper with driving data and potentially take control over crucial functions of the vehicle.

AUTOCRYPT has always envisioned a world of L3 and L4 autonomy. Since its inception, it has been working with OEMs and software providers to secure the in-vehicle systems and communication endpoints of SDVs through its industry-leading encryption and authentication technologies, offering solutions from vulnerability testing to intrusion detection and protection.

To learn more about how AUTOCRYPT secures the SDV, download the white paper below.

white paper sdv thumbnail

“The changing tides of the automotive industry into more software, and less hardware, indicate that vehicles will be a possible target for cyberattacks. This is why holistic, comprehensive cybersecurity is essential in securing the next generation of SDVs.”

Download White Paper

 

22 December, 2022 . 2 mins read

Infographic: 2022 Year in Review

Post-pandemic 2022 has been a busy and exciting year for AUTOCRYPT, filled with innovative new product launches and accomplishments. We wanted to thank all our investors, partners, clients, and visitors for all your support over the year. Have a wonderful holiday and see you in 2023!

See below for a summary of AUTOCRYPT’s accomplishments in 2022.

Download PDF

(Accessibility version below)

Red Herring – AUTOCRYPT was selected as “2022 Red Herring Top 100 Global” by Red Herring magazine

2022 Cybersecurity Breakthrough Awards – AutoCrypt IVS won “Automotive Cybersecurity Solution of the Year”

2022 AutoTech Breakthrough Awards – AutoCrypt EQ was awarded “Ride Hailing Innovation of the Year”

Events – We had some meaningful conversations and discussions with our partners and clients at international events this year, including ITF Summit, AutoTech: Detroit, EVS35 Oslo, and ITS World Congress

WebTrust Accreditation – AUTOCRYPT was officially accredited by the WebTrust program as a root CA for the V2X-PKI ecosystem

Series B – AUTOCRYPT closed its Series B financing round with $25.5 million, bringing its total valuation to $120 million

EVIQ – In the summer, we launched EVIQ, an all-in-one EV information and charging platform that comprises a charger locator map, a charging station management system (CSMS) for CPOs, a smart-billing Level 1 EV charger for residential use, and a Plug&Charge security module for secure and seamless charging

AutoCrypt V2X-Air – Launched in Spring, AutoCrypt V2X-Air is a portable OBU for vulnerable road users, enabling pedestrians and micromobility users to easily join the V2X ecosystem

Security Analyzer and Security Fuzzer – We launched a set of vulnerability testing tools utilizable during any stage of the software development lifecycle, dedicated to software-defined vehicles

Integrated Management System for SCMS – IMS for SCMS allows OEMs to view all their entire SCMS certificates on one centralized GUI.

Plug&Charge – AutoCrypt PnC was integrated into Hyundai Motor’s E-pit charging service platform, an ultra-rapid EV charging network across South Korea.

15 December, 2022 . 7 mins read

From EV to Autonomous Driving: A Look Into the Mobility Industry in 2022

2022 was a turbulent year for the mobility industry. As the economy has been recovering back to its pre-pandemic state, we have seen a surge of technological advancements that are shaping the industry.

To commemorate the end of the year we have carefully analyzed the market and gathered four key insights to discuss the biggest trends of 2022 and see what the trajectory for the future of the mobility industry looks like. 

1. The tipping point in EV adoption 

In 2022 we have seen the catastrophic impact of the climate crisis on our planet. The world was struck by extreme heatwaves in Europe, hurricanes across multiple US states, and monsoon floodings in Asia. The intensity of these devastating climate disasters has been increasing as a result of climate change. And as the global climate crisis continues to unfold governments are taking action to tackle the dangers of climate change by rolling out net-zero carbon emission policies to accelerate the road to decarbonization.

One of the largest industries contributing to the climate crisis is transportation, which is responsible for 20% of carbon emissions worldwide. Decarbonizing the mobility and transportation sector is imperative in reaching net-zero goals, and electrifying the roads is the most effective way to do so. Electric vehicles have been at the forefront of the transition in the mobility industry. As the world strives toward net-zero emissions, governments are increasingly pushing for electric vehicle (EV) adoption through subsidies and related policies. Europe and the United States are leading way with regulatory targets of reaching a 50% EV market share by 2030. On the other side of the spectrum, consumers are becoming more environmentally conscious and increasingly willing to make the switch in favor of electric vehicles. And as the technology gets more advanced the supply side is catching up with the demand.

The EV adoption rates are signaling a positive change in the market and bringing us closer to reaching net-zero goals in the transportation sector. However, we are still far from achieving decarbonization and need to take drastic measures in accelerating EV adoption across the board. Continuing to expand the charging infrastructure, supporting change with government policies and subsidies, as well as encouraging innovation are some of the key steps we need to take to meet decarbonization targets.

2. Autonomous driving

Electrification on the roads lays down the groundwork for further innovation opportunities in the mobility industry. To accommodate EV production, manufacturing facilities had to be redesigned and rebuilt from scratch, this allowed OEMs to trial new technologies and software in their vehicles. As the EV market grows, we can see the expansion in related automotive technologies, with innovations ranging from connectivity to autonomous driving.

The buzz around autonomous driving technologies has been around for a while; rightfully so, as autonomous driving technologies are extremely beneficial in increasing road safety and access to mobility. And 2022 was a notable year for the collective movement toward achieving higher levels of autonomy. Currently, major OEMs have achieved Level 3 autonomy, or conditional autonomy, where the vehicle can drive itself under appropriate conditions, but a human driver must always be present in the car. The main technology that allowed us to achieve Level 3 autonomy is Advanced Driver Assistance Systems or ADAS. ADAS uses radars, cameras, ultrasound, and a variety of different software to achieve vehicle automation. While ADAS is an essential element in providing autonomous driving, it is simply not enough to achieve higher levels of autonomy.

Autonomy Levels 4 and 5 entail high levels of autonomy with minimal to no intervention from the driver. To achieve these advanced autonomy levels, we need more comprehensive technologies such as connectivity. At the heart of vehicular communication technologies, we have vehicle-to-everything (V2X) technology that connects the vehicle to the network, infrastructure, other vehicles, and passengers around it. V2X communication utilizes wireless communication between the vehicle and the environment around it to gather real-time data on traffic conditions, road signs, warnings, and much more. V2X technologies are also very beneficial in ensuring road safety as they include connectivity with other vehicles (V2V) and pedestrians on the road (V2P).

This technology can greatly improve the effectiveness and accuracy of existing ADAS technologies and fast-track the path to full automation. 

3. Universal mobility

EV passenger vehicle numbers are growing, but so do the numbers of EV commercial fleets. In the past years, we have seen governments deploy electric buses, trams, and taxis in attempts to decarbonize public transport systems as well as increase access to mobility. Universal mobility entails having access to transportation for all members of society. The ultimate goal is to achieve universal basic mobility (UBM) and democratize the sector so everyone can access safe and efficient transportation. Among the latest technologies aimed to provide UBM are mobility-as-a-service (MaaS), robotaxis, and carsharing services.

The emergence of MaaS is not surprising, as it allows access to transportation for everyone who owns a smartphone. MaaS is currently on the rise with multiple successful cases worldwide, namely Kakao Mobility, Uber, and Lyft. These companies have been able to integrate multiple modes of transportation into a user-friendly mobile application, making transportation easily available to people at the tap of their fingers. 

As MaaS continues to grow businesses will need assistance in rolling out their own mobility services. AUTOCRYPT launched its mobility service solution AutoCrypt® MOVE, integrating its fleet management system with big data analysis and demand-oriented service modeling to help businesses and NGOs easily establish their own mobility services and reach universal basic mobility. 

4. Increasing need for cybersecurity

As vehicles become increasingly automated and connected, the need for effective cybersecurity measures becomes more important. With the proliferation of connected vehicles, hackers have more opportunities to gain access to vehicle systems and potentially cause harm. In addition, the increased use of automation in vehicles means that there are more potential points of failure that could be exploited by malicious actors. 

One of the main reasons for the increasing need for cybersecurity in the automotive industry is the growing number of connected vehicles on the road. Many modern vehicles are equipped with internet connectivity, which allows them to communicate with other vehicles and with external systems, such as traffic control systems and other infrastructure. This connectivity opens new possibilities for vehicle operation and convenience, but it also creates new vulnerabilities that can be exploited by hackers. For example, a hacker who gains access to a connected vehicle could potentially take control of the vehicle’s systems, including its brakes, steering, and acceleration. This could result in dangerous situations, such as collisions or loss of control. In addition, a hacker could potentially access sensitive personal information stored in the vehicle, such as location data or information about the vehicle’s owner. Exactly that happened in January of this year when a researcher was able to hack into 25 Tesla vehicles and gain access to vehicle control and the personal information of car owners. 

Another reason for the increased need for cybersecurity in the automotive industry is the growing use of automation in vehicles. Many modern vehicles are equipped with ADAS and vehicular communication technologies, which can assist with tasks such as lane keeping, automatic braking, and adaptive cruise control. While these systems can improve safety and convenience, they also introduce new potential points of failure that could be exploited by hackers.

Overall, the increasing use of automation and connectivity in vehicles is creating new challenges for cybersecurity. To protect against these challenges, it is important for the automotive industry to develop and implement effective cybersecurity measures. This may include measures such as encryption, secure authentication, and regular over-the-air (OTA) software updates to protect against known vulnerabilities. 

This year has seen positive strides in the mobility industry. The expansion of electric vehicle adoption, autonomous driving, universal mobility, and cybersecurity points to an industry-wide trend toward electrification, decarbonization, and innovation. However, in order to achieve the full potential of the technological shift within the sector we must remember to support this expansion with government policies, investments, and innovation.

As an automotive cybersecurity and mobility solutions provider, AUTOCRYPT offers secure connectivity technologies that support the expansion of the mobility sector. From securing V2X communications to embedded vehicular systems, AUTOCYRPT ensures that all connections are secured before vehicles hit the road. 

1 December, 2022 . 8 mins read

From Safety to Sustainability: A Look at the Short-Term Benefits of V2X

There are two major approaches to achieving autonomous driving. The first is ADAS (advanced driver-assistance systems). And the other is V2X (vehicle-to-everything). Although the public is now quite familiar with ADAS, V2X remains a relatively unknown field. Even among industry stakeholders, a common misconception about V2X is that it must be deployed on a mass scale to provide meaningful benefits. In this blog, we explain why V2X deployment might not be as big an investment as it might seem, by looking at some of the short-term benefits of V2X.

Why It Doesn’t Need to Be Mass Deployment

Indeed, the ultimate objective of V2X is to create a fully connected mobility ecosystem that enables a state of full driving automation (Level 5), where vehicles seamlessly communicate with their surrounding vehicles and infrastructure through exchanging messages in real-time, overcoming the shortcomings (e.g., blind spots, failed object recognition) of cameras and sensors. This approach towards autonomous driving is also referred to as Vehicle-Infrastructure Cooperated Autonomous Driving (VICAD).

However, establishing an entire V2X ecosystem is a long process, as it can take many years to transform an entire city’s transport infrastructure into V2X-enabled systems. Therefore, industry players shouldn’t solely focus on the final objective of VICAD, but instead, work towards deploying V2X for its immediate benefits. This way, consumers can start benefiting from V2X sooner, which helps generate momentum to accelerate further investment and deployment.

Imaging planning and building a subway network from scratch. Of course, the final goal is to create an interconnected network that covers the entire city. However, if the public must wait until an entire network to be completed before benefiting from it, there would be very little interest in moving the project forward. Instead, cities start by building and operating a single line to allow at least some consumers to benefit from it in the short term.

The same is true for V2X. It doesn’t need to be mass deployment before we can start to see benefits. Some case-specific applications, including Signal Phase and Timing (SPaT) and emergency vehicle preemption (EVP), have already generated some promising short-term benefits in terms of road safety and efficiency.

The Short-Term Benefits of V2X

1. Road safety

Even with selective, small-scale deployments over the short term, V2X opens the opportunity for many creative approaches to enhance road safety. For instance, V2X roadside units (RSU) can be installed onto traffic signals at selected intersections where car accidents frequently occur, enabling Signal Phase and Timing (SPaT). SPaT is a V2X application where the traffic signal informs incoming vehicles of the remaining time of the signal. When vehicles receive that information, they can automatically determine whether to continue to cruise through the intersection, slightly accelerate to pass through prior to the signal change, or gently decelerate to a full stop. Having machines do the timing and calculation can help reduce human misjudgments at intersections.

It might be tempting to think that SPaT is only beneficial when all vehicles are equipped with V2X onboard units (OBU). Of course, the more V2X-enabled vehicles there are, the more effective the use case becomes. Still, if only a quarter of vehicles were to be equipped with V2X OBUs, SPaT would make a significant difference by improving the safety record of the intersection. This is because drivers have a natural tendency to move with the flow. The behaviour of V2X-enabled vehicles will influence the behaviours of surrounding drivers, encouraging them to comply with the coordination as well, hence reducing the likelihood of dangerous acceleration and braking during yellow lights.

Installing RSUs at intersections enables another common use case known as emergency vehicle preemption (EVP), which is currently deployed in many major cities across the globe. This is where OBUs installed in ambulances and fire trucks communicate with RSUs at intersections, prompting the traffic signal to change in favour of their direction, making it a very useful application in dense city streets where emergency vehicles can easily get stuck in gridlocks.

As such, localized V2X applications like SPaT and EVP do not require mass deployment. Hence, infrastructure operators and automotive OEMs can focus primarily on these short-term benefits.

2. Traffic efficiency

Besides safety, traffic efficiency is one of the other short-term benefits of V2X. A promising V2X-enabled solution that helps increase traffic efficiency is truck platooning. This is when a fleet of trucks cruise in a row at the same speed in the formation of a train. Given that trucks take up a significant percentage of the highway, having trucks travel individually at different speeds across different lanes can slow the overall traffic and lead to potential safety hazards. By lining them up in a lane at a consistent speed, a significant amount of space can be freed up, enabling faster travel speeds, and reducing the level of congestion during peak times. Furthermore, truck drivers in the follower trucks will be able to rest during the trip, reducing the likelihood of driver fatigue, hence enhancing road safety as well.

Another localized application of V2X is smart parking. This is when RSUs equipped in parking lots communicate with OBUs in nearby vehicles to inform them about parking space availability. In busy urban centers, a great amount of aggregated time is spent on searching for parking space. Not only is it a frustrating experience to circle around a busy block looking for the nearest available parking space that doesn’t cost a fortune, but those in search of parking can add up to the existing traffic and cause further congestion. With V2X-enabled smart parking, there will be no need to roam around urban streets for parking.

3. Cost saving

Road transportation comes with a cost. Apart from fuel and maintenance costs, every minute spent sitting in traffic is an opportunity cost that can be measured in the form of lost productivity. According to the 2021 INRIX Global Traffic Scoreboard, traffic congestion in the United States costs the average driver $564 in lost productivity throughout the year, and an aggregated $53 billion to the country.

When RSUs are deployed in critical areas such as frequently congested intersections and highway merges, V2X-enabled traffic coordination like SPaT and lane merge assists can reduce congestion remarkably, thus cutting unnecessary fuel consumption and productivity loss.

4. Environmental sustainability

When it comes to sustainable transport, electric vehicles (EV) are the most effective solution that contributes directly to a reduction in carbon emissions. However, many do not realize that V2X is another promising technology that can make a positive impact on environmental sustainability.

This is because V2X is an effective energy saver. As aforementioned, since V2X applications can help coordinate traffic and reduce congestion, the average vehicle spends less time on the road, with less unnecessary acceleration and braking. This results in not just less emission, but also less electricity consumption for EVs. Although this might seem like a subtle difference for a single vehicle, the accumulated energy savings and emission cuts can make a meaningful impact on the environment.

Additionally, just like emergency vehicle preemption, OBUs can also be installed on buses and street cars so that traffic signals can give priority to public transit, making traveling by public transit more efficient and convenient, thus encouraging greater usage.

5. Convenience

Regardless of its application, a common benefit that V2X brings across all use cases is convenience. Through real-time communications, road users will be able to benefit from a smart and connected mobility environment.

Start Small, Think Big

Back to the point — V2X connectivity isn’t all about the big picture of full autonomous driving. Through vehicle-infrastructure cooperation, V2X can be utilized for a wide range of localized use cases that do not require much time and effort to deploy. Eventually, these local deployments will naturally accumulate to shape an interconnected V2X ecosystem, enabling a complete VICAD experience. Therefore, policymakers, infrastructure operators, OEMs, and investors should push forward V2X deployment by focusing primarily on its immediate benefits.

Securing V2X Communications

An integral component of V2X deployment is cybersecurity. Encryption and PKI-based authentication measures must be preestablished within the communication end-entities (OBU/RSUs) to ensure that the messages communicated via V2X are securely protected from unauthorized access and tampering. Conversely, with more and more localized V2X deployments, cybersecurity capability will continuously improve with enhanced regional security policies.

AUTOCRYPT’s secure V2X communications solution strengthens both privacy and safety for V2X applications, including a security module installable onto OBU/RSUs, a Security Credential Management System (SCMS) that issues, revokes, and manages digital certificates for end-entities, as well as an Integrated Management System (IMS) for SCMS that allows automotive OEMs to easily manage all their V2X certificates across all vehicle fleets via a graphical user interface.

To learn more about AUTOCRYPT’s V2X security solutions and offerings, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.

16 November, 2022 . 6 mins read

Cooperation in the New Automotive Software Supply Chain: An Emphasis on Cybersecurity

While there have been many changes within the automotive industry, since Toyota invented Just-in-Time (JIT) manufacturing in the 1960s, the automotive supply chain hasn’t seen much change within the past 60 years. The supply chain has been a solid vertical structure: Tier 2 suppliers provide subcomponents and materials to Tier 1 suppliers, who then supply OEMs with ready-to-install parts for assembly. This supply chain structure has been universally adopted because it is highly streamlined and efficient, both important attributes of vehicle production. Under this structure, automotive OEMs do not need to communicate directly with lower-tier suppliers, while every supplier focuses solely on fulfilling the orders of the upper-tier supplier. This all worked out great – until automotive software takes over the vehicle.

This vertical structure made perfect sense in the past when the automotive E/E architecture consisted of independent parts and domains. However, we are now approaching a different era of in the automotive supply chain where, fueled by the growing need for connectivity and automation, in-vehicle systems are becoming more and more sophisticated and interconnected, with software now acting as a core component of the vehicle. 

OEMs today are beginning to realize that the conventional manufacturing model no longer serves its purpose in the new era of software-defined vehicles. And with more and more EV startups entering the manufacturing game, conventional OEMs may need to redefine their supply chain to incorporate software development and cross-domain cooperation.

Growing Complexity of the Automotive Software Supply Chain

Name any car feature – more likely than not it is enabled by software. The modern vehicle runs on electronic systems and software that are stitched together to communicate with each other via the in-vehicle network. A typical vehicle today consists of up to 150 electronic control units (ECU), which are essentially minicomputers equipped with processors. System software needs to be embedded in each of these ECUs to control a particular domain of functions, such as powertrain, sensor, and infotainment.

As such, it would be an understatement to refer to the software-defined vehicle as “a computer on wheels.” A more accurate description would be “a computer network on wheels.” That’s because today’s vehicles run an average of 100 million lines of code. That is two to three times that of a PC operating system. And in fact, the level of complexity will only increase as more and more automated features and security systems are incorporated.

Under the current software supply chain structure, software vendors supply software development kits (SDK) and modules to chipmakers, which supply the chips (e.g., ECUs) to OEMs or Tier 1 suppliers, who then stitch all these chipsets onto the parts and components, putting them in place within the in-vehicle network. However, most OEMs have very little experience in software integration. Although vehicular software has been around for decades, nothing was at the magnitude and complexity of the software structure today.

Moreover, OEMs and Tier 1 suppliers are accustomed to the vertical supply chain structure. Many are overwhelmed by this growing need for direct external communications and cooperation.

Therefore, just like what many with a strategic mind would do, OEMs are outsourcing the work.

The Emergence of Software Providers and the Need for Cybersecurity

Due to the sheer volume and quick influx of software components, many OEMs choose to outsource software integration to a comprehensive software provider, acting as a “Tier 1 software supplier.” Many existing Tier 1 suppliers have seen this as an opportunity to expand their software division, and because of this many OEMs have chosen to establish or acquire their own dedicated software provider. Some take it a step further by making plans to establish a proprietary operating system and platform where all applications can be developed on. CARIAD from the Volkswagen Group is one such example. As the dedicated software provider for the Volkswagen Group, the company has announced plans to release the Volkswagen Operating System.

It might be tempting for OEMs to maintain their old way of doing things by having software providers take charge of all software integration, while focusing solely on inventory management, assembly, and quality control. However, the new supply chain landscape isn’t as straightforward, with quality control being the key difference. 

While hardware components are very easy to standardize and inspect, rules are different in the software game. Since there exists a cybersecurity risk in every connected computer – in the age of connected vehicles, software and cybersecurity must come hand in hand. This means that a large part of software quality control is making sure that it is free of vulnerabilities and flaws that may hinder its functionality and pose a cybersecurity risk. To do so, every piece of software needs to be rigorously tested prior to the release of a vehicle batch.

Additionally, similar to how OEMs are responsible for issuing hardware recalls, regulations are now holding OEMs accountable for software cybersecurity mismanagement and loopholes. The UN R155/R156 regulations set out by UNECE WP.29 mandate that all OEMs maintain an automotive cybersecurity management system (CSMS) and a software update management system (SUMS) for their vehicle fleets. This means that even after a vehicle is passed onto the consumer, software performance must be continuously managed, monitored, and updated and patched in real-time.

The bottom line: whether it is the OEM or the software provider in charge, the OEM will ultimately be responsible for cybersecurity management.

The Importance of Cooperation for Secure Software Implementation

At the end of the day, the jobs of both the OEM and software provider are to ensure that cybersecurity risk within the automotive ecosystem is well managed and minimized. However, this should not be taken lightly because cybersecurity management isn’t simply about buying security software from vendors and installing it into the systems.

In the sophisticated automotive software ecosystem, security measures must be incorporated and custom-built in the manufacturing process to ensure both secure implementation and cross-region interoperability.

Therefore, both OEMs and software providers must take an active role in cybersecurity and cooperate with firms specializing in automotive cybersecurity to facilitate secure software integration and implementation across all domains, from the embedded systems within a vehicle to the vehicle-to-everything (V2X) connections for autonomous driving and vehicle-to-grid (V2G) applications for EV charging.

The takeaway is this: the automotive industry has entered a new era – an era where value is no longer added step by step through vertical supply chains but generated from horizontal cooperation, and an era where the automobile is no longer a product, but a combination of services stacked on wheels.

To succeed in the new era of smart mobility, cooperation is the key.

To learn about how AUTOCRYPT’s in-vehicle systems (IVS) security solutions can help OEMs secure software integration and connectivity, contact global@autocrypt.io.

To stay informed and updated on the latest news about AUTOCRYPT and mobility tech, subscribe to AUTOCRYPT’s quarterly newsletter.