SEOUL, KOREA, Dec. 18, 2023 — Automotive cybersecurity company AUTOCRYPT recently announced the release of “TARA Template for Automotive,” a project management tool for conducting Threat Analysis and Risk Assessment (TARA), a process crucial to the development and maintenance of automotive software. The cybersecurity tool is now available as an extension on Siemens’ Polarion ALM application lifecycle management platform, helping users effectively address TARA activities.
Defined by “ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering,” TARA is a preventive cybersecurity methodology that involves performing a set of key activities during software development and maintenance. The process involves the analysis of potential cyberattack objectives, vectors, and threats, followed by an assessment of their risk and severity levels.
AUTOCRYPT’s TARA Template for Automotive greatly reduces the complexity and increases the accuracy of TARA activities. Developed by AUTOCRYPT in collaboration with Branvi, an official Polarion partner, the tool has been optimized for the Polarion platform. Work items can be automatically connected to the template, allowing users to benefit from the step-by-step manual and calculation tools in the template.
AUTOCRYPT’s CEO, Daniel ES Kim, commented, “With the advancement of software-defined vehicles, TARA has become an inseparable part of vehicle development and maintenance. Based on our decades of experience in cybersecurity implementation, our team at AUTOCRYPT has established an intuitive template optimized for ISO/SAE 21434 compliance.”
Beyond the ISO/SAE 21434 standard, TARA is also an effective strategy for implementing security by design and managing security updates, as mandated by UN Regulation 155 and 156. AUTOCRYPT provides a wide range of security testing tools and services to complement TARA and secure the vehicle manufacturing process.
To learn more about AUTOCRYPT’s automotive cybersecurity solutions, contact global@autocrypt.io.
About Autocrypt Co., Ltd.
AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. AUTOCRYPT also provides management and service platforms for the operators and end users of MaaS, contributing to sustainable and universal mobility.
SEOUL, KOREA, September 5, 2023 — Automotive cybersecurity and mobility solutions company AUTOCRYPT released a major upgrade to its automotive fuzzing software—AutoCrypt Security Fuzzer. The upgrade (version 2.0) enables a much wider testing range and greater automation, allowing automotive OEMs to benefit from a more simplified and efficient fuzzing process for UN R155 (WP.29) compliance.
AutoCrypt Security Fuzzer was first released in December 2021. As the world’s first fuzzing solution for the vehicular environment, its fuzzing algorithms were built based on the structures of Unified Diagnostic Services (UDS), the communication protocol used in electronic control units (ECU). Version 2.0 expands the testing range beyond ECUs to include other protocols like the Controller Area Network (CAN), Wi-Fi, Bluetooth Low Energy (BLE), and most importantly, the Ethernet, which is a crucial component of software-defined vehicles. The v2.0 platform also allows new protocols to be added through software updates.
Offered through an intuitive UI, AutoCrypt Security Fuzzer v2.0 greatly improves the user experience. Yet, its biggest differentiation point is its smart fuzzing capabilities. It accurately identifies the functions and technical specifications of each test target and generates test cases based on these characteristics, ensuring that only relevant test cases are input into the program. Moreover, testing can be assigned at a project level, allowing for continuous testing for multiple ECUs. Even if an unexpected interruption occurs, the fuzzing process will continue based on its automation algorithms. All these features make AutoCrypt Security Fuzzer exceptionally efficient and easy to use.
AUTOCRYPT’s CEO, Daniel ES Kim, emphasized the importance of fuzz testing for vehicle production, “Fuzz testing is not just an effective way to identify software vulnerabilities at an early stage, but a necessary process to receive vehicle type approval as mandated by UN R155.” Regarding AutoCrypt Security Fuzzer, he added, “We developed the solution specifically for the automotive industry. It offers diagnostics services and NRC support features based on ISO 14229. It also provides support for all ISO-TP specifications as defined in ISO 15765.”
AutoCrypt Security Fuzzer is a component of AUTOCRYPT’s in-vehicle systems (IVS) security solution, an end-to-end automotive cybersecurity solution that secures all stages of the vehicle lifecycle, offering a wide range of products and services from TARA and security testing to the intrusion detection and prevention system (IDPS) and vehicle security operations center (vSOC). To learn more about AUTOCRYPT’s IVS solution, contact global@autocrypt.io.
ABOUT AUTOCRYPT
AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and processes for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way toward a secure and reliable C-ITS ecosystem. AUTOCRYPT also provides management and service platforms for the operators and end users of e-mobility and MaaS, contributing to sustainable and universal mobility.
It has long been established that cybersecurity is essential to vehicle operations and needs to be implemented universally. However, it is important to note that automotive cybersecurity does not follow a one-size-fits-all approach. Different types of cybersecurity measures have their pros and cons and are more effective for certain types of vehicle architectures rather than others. While there are different types of vehicle cybersecurity measures available on the market today, this blog will discuss hardware security modules (HSM) and trusted execution environments (TEE), offering a closer look at two of the most robust vehicle cybersecurity solutions.
Why do we need in-vehicle security?
Modern vehicles have complex internal computing systems that enable superior functions like advanced driver-assistance systems (ADAS), vehicle-to-everything (V2X) communications, as well as network and cloud connectivity. These internal computing systems interact with each other and the external network, exchanging large amounts of data and signals. If these communication nodes lack appropriate security measures it leaves the vehicle vulnerable to cyber risk.
Wi-Fi, navigation systems, V2X communications, all of these network connection endpoints can be potential routes for cyber attacks. Hackers could breach into a vehicle’s internal system to steal private data like vehicle location, registration number, and even financial information. There is also the risk of hackers breaking into the vehicle systems to gain control of its functions. We saw this happen when two researchers hacked into a car through its cellular connection. After establishing a wireless access to the car, the hackers gained control of the vehicle’s dashboard, infotainment system, and even the engine.
This experiment revealed many vulnerabilities in vehicle internal systems security. It also solidified the importance of a layered approach to vehicle cybersecurity, where both the internal vehicle environment and the external communications are secured.
What is HSM?
One of the most robust cybersecurity solutions in the automotive industry is a Hardware Security Module (HSM). HSM is an external physical security unit that is installed into electronic control units (ECU). It safeguards vehicle communications and functional control systems with message cryptography. Typically, an HSM will include its own processor, cryptographic technologies, and dedicated memory for the hardware security firmware and secure data. Having its own processor, the HSM operates separately from the ECU, bearing the computational load of security functions.
The security module’s main job is to safeguard sensitive vehicle data during message exchanges. It does this by storing cryptographic keys, performing cryptographic operations, and verifying digital signatures to conduct authenticity checks for messages passing through the vehicle. This makes sure that data coming from outside of the vehicle is verified, and data leaving the vehicle is safely encrypted.
HSMs have been the industry standard in vehicle cybersecurity for their ability to safeguard valuable information from tampering. However, there is a problem of scalability with this particular cybersecurity measure. HSM is a security unit that has to be physically installed into ECUs within the vehicle. So, installing HSMs in cars with complex internal architectures and an abundance of ECUs may become costly.
There is also the issue of flexibility. Many modern luxury vehicles support over-the-air (OTA) systems like software downloads and updates. These OTA systems enable the installation of new functionalities into a vehicle without having to alter its hardware composition.
In a rapidly developing automotive industry, cybersecurity software needs to be able to adapt to vehicle software changes. This will be hard to achieve for a car secured only with hardware security modules. The hardware-software segregation in advanced vehicle architectures requires a more flexible approach to cybersecurity that ensures cybersecurity measures evolve hand-in-hand with vehicle software developments.
What is TEE?
A cybersecurity solution that works more effectively in centralized vehicle architectures with ever-evolving software structures is a Trusted Execution Environment (TEE). TEE is a software-based security measure that creates a secure and isolated environment within the application processor, separating critical operations from the rest of the system.
Critical operations and sensitive data can be executed and stored within the trusted execution environment, shielded from potential cyber threats. Similar to HSMs, TEEs have protected crypto libraries where sensitive information, such as cryptographic keys, can be securely stored and managed. They also provide secure communication channels between trusted components, ensuring that data transmitted within the secured area remains confidential and protected from the rest of the vehicle. This helps prevent unauthorized access or tampering.
For instance, the AutoCrypt IVS-TEE security solution offers OTA systems security with encryption and authentication technologies, making sure that only validated software is received and installed during OTA system updates. This is done to ensure that the software comes from an OEM and not a malicious actor.
While TEE and HSM offer similar cybersecurity measures they are very different in terms of implementation and execution. TEEs are built into the application processor’s chipset and can be implemented through software updates, making them more flexible and adaptable to changing security requirements. Leveraging a vehicle’s existing hardware resources, TEEs eliminate the need for additional security components, potentially reducing costs.
Establishing a TEE is a cybersecurity-by-design approach that ensures that there is a secure environment to run critical operations in every application processor.
As vehicles become increasingly connected and autonomous, the importance of robust automotive cybersecurity methods cannot be overstated. HSM and TEE both play crucial roles in securing vehicles against cyber threats. HSMs excel in cryptographic operations and secure key storage, while TEEs create isolated execution environments within the main processor. By combining these methods, automotive manufacturers can maximize protection from external cyber threats and enhance the security of their vehicles.
AUTOCRYPT’s in-vehicle cybersecurity solutions provide complete protection for the vehicle-embedded systems minimizing cybersecurity risks.
To stay informed about the latest news on mobility tech and automotive cybersecurity, subscribe to AUTOCRYPT’s monthly newsletter.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
