Security Testing Tools
AutoCrypt CSTP
Automotive cybersecurity testing platform for Regulatory Compliance
Automotive cybersecurity testing on a comprehensive platform.
According to UNECE’s Regulation 155, automotive cybersecurity testing must be done periodically to identify and mitigate potential vulnerabilities. However, given the various sets of testing tools, managing all individual testing processes and results can be time-consuming and inefficient.
AutoCrypt® CSTP (Cybersecurity Testing Platform) is a comprehensive platform that offers a variety of security tests and validations and allows them to be executed and managed on one single platform. All proprietary test cases are made to meet UN R155/156 and GB (GB/T) criteria.
The platform also allows users to manage and share standardized test results between internal parties and external authorities, enabling faster decision-making and streamlining the Regulatory Compliance process.
Features
Five types of tests on a single platform
Security Validation Testing
- Verifies the security requirements of automotive ECUs to ensure the vehicle’s cybersecurity
- Confirms that each component of the ECU is secure under various real-world conditions
Functional Testing
- Validation of functionalities using specification analysis test cases composed in-house
- Error identification and correction improve the development process and ensure functional reliability
Penetration Testing
- Provides penetration testing scenarios crafted by AUTOCRYPT’s award-winning Red Team
- Security validation for all connection endpoints inside and outside the vehicle, including infrastructure, web, and cloud services
Fuzz Testing
- Fuzz testing in compliance with ISO/SAE 21434
- Regulatory compliance support for automotive OEMs and suppliers
- Uses an AI-based algorithm that increases testing speed and improves detection rate
Vulnerability Testing
- Identifies potential security vulnerabilities in automotive ECUs using proprietary research techniques
- Ensures ECU safety by preventing exploitation of vulnerabilities through various attack vectors
Highlights
AutoCrypt CSTP benefits
Regulation Standard-based Test Coverage
- Comprehensive test coverage with test cases designed to meet international and domestic vehicle cybersecurity regulation standards, including UN, ISO, GB, and others
- Regularly updated to align with evolving regulations and technologies
Test Case Customization
- Security testing tailored to the unique cybersecurity environment of each vehicle manufacturer
- Seamless testing is maintained even with firmware or model changes, supported by customized test cases and specialized training
License Customization
- Fully customizable licensing options tailored to client’s testing objectives with the possibility of future license expansion
- Economical option for clients with only select testing needs
Comprehensive Report Support
- All test results are consolidated into a single comprehensive report, including an analysis of each test result
- The comprehensive cybersecurity report can be used for clients’ product security assessment and cybersecurity verification for regulatory compliance
Components
AutoCrypt CSTP architecture
Hardware structure
Use Cases
Testing and Consulting Service References
Company A – South Korean Testing and Research Institute
Developed integrated automotive cybersecurity evaluation technologies, including:
- Stability testing and evaluation for cybersecurity
- Vulnerability verification and threat response systems
Company B – Tier 1 Supplier
Performed Fuzzing and Penetration Testing on ESC controllers for a global North American OEM:
- Derived test case items based on UN R155 threats and attack methods
- Identified vulnerabilities and threat scenarios through controller interface and external access point analysis
Company C – Tier 1 Supplier
Delivered cybersecurity consulting and Penetration Testing:
- Provided ISO/SAE 21434-based consulting and engineering support
- Conducted TARA-based threat analysis, security concept development, and Penetration Testing
Company D – Tier 1 Supplier
Conducted Penetration Testing on AVN controllers for a global European OEM:
- Identified vulnerabilities in AVN communication protocols (CAN, Ethernet, Wi-Fi, Bluetooth, USB, etc.)
