With great power comes great responsibility
Recently, we have been hearing a lot about the vision of future vehicles becoming more and more software-defined. High-performance computing paired with modern sensors and extensive connectivity enables the vehicle's functionalities and the driving experience to be mainly determined by software.
Linked to this, however, are important aspects of cybersecurity that we do not hear as much about as we should. Reacting to the shift towards software-defined vehicles, new regulations and standards (UNECE WP.29 R155 [1] & ISO/SAE 21434 [2]) require cybersecurity to be addressed at all stages during development and throughout the entire life cycle of the vehicle. In addition to risk assessments and the implementation of mitigation procedures, extensive testing is mandatory to validate the effectiveness of the cybersecurity measures.
In this article, we briefly review the current state of automotive cybersecurity, including requirements imposed by regulations. Additionally, we present how dSPACE is supporting you to tackle new challenges arising with mandatory cybersecurity testing.
Why Cybersecurity is Important
Overall, the importance of data communication within the vehicle has increased significantly in recent years. Some of the main drivers are ADAS/AD functionalities including the use of sensors with high data rates, modern E/E vehicle architectures utilizing high-bandwidth data backbones, and connectivity for various purposes, e.g., infotainment and online services, wireless interfaces, and over-the-air updates.
Many of these features are specifically enabled by the use of automotive Ethernet, which expands the vehicle's communication network with a high-bandwidth, well-established, and scalable option. More data being exchanged, paired with the vehicle becoming more connected, raises questions about automotive cybersecurity, as illustrated by the following points, among others.
- Higher levels of autonomy and increased implementation of advanced driver assistance systems result in more safety-relevant data within the vehicle’s communication network. Reliable and secure communication is the mandatory basis for all activities of autonomous driving.
- Growing connectivity driven by infotainment services, over-the-air updates, and V2X applications extends the potential attack surface for malicious purposes by providing remote entry points.
- Another crucial aspect arises with more and more electric vehicles on the roads: a safe and secure interaction with the charging station infrastructure must be ensured.
- In addition to the conceptual need for cybersecurity, specific incidents in the past have explicitly demonstrated the danger of security breaches, both in terms of financial loss, e.g., the vehicle being damaged or stolen, and, more importantly, in terms of potential safety and health risks.
- Furthermore, security incidents are often accompanied by reputational damage.
To tackle all these different risks, cybersecurity focuses on three key targets to ensure secure communication, which is essential to protect safety-critical functions:
- Authenticity - verify that the source of data is a trusted network participant
- Integrity - verify that the data is not altered during transmission
- Confidentiality - ensure only permitted participants have access to the data.
To summarize, current trends in the automotive industry lead to a massive increase in the potential attack surface of vehicles. The examples above make clear that cybersecurity must be addressed properly, together with functional safety. Whereas the latter is standardized in ISO 26262, new guidelines were introduced for cybersecurity: UN regulation UNECE WP.29 R155 sets up the regulatory framework regarding cybersecurity for vehicle approvals in all UNECE member states. Since July 2022, it has been mandatory for all new vehicle type approvals, and from July 2024, it will be mandatory for all new vehicle approvals.
What do I have to do?
The regulation requires OEMs to introduce a cybersecurity management system covering multiple aspects, e.g., risk management, attack detection, and implementation of countermeasures. Additionally, ISO/SAE 21434 standardizes measures and processes addressing cybersecurity during product development to comply with the mandatory regulation UNECE WP.29 R155. Importantly, these rules require "sufficient testing" [1] of cybersecurity, demonstrating the effectiveness of the implemented measures, as a mandatory procedure for vehicle type approval. Beyond formal compliance with the new regulations, the automotive industry faces the challenges of dedicating resources to cybersecurity, training experts, establishing standards, and keeping pace with fast-moving development. A key component for handling all of these challenges is that security testing must become a standardized process throughout all stages of development.
Cybersecurity Testing with dSPACE
A crucial requirement for UNECE WP.29 R155 compliance is sufficient testing of the implemented cybersecurity measures. In particular, threat mitigations for vehicle communication include that "the vehicle shall verify the authenticity and integrity of messages it receives" and that "confidential data transmitted to or from the vehicle shall be protected" [1]. In addition to the cybersecurity aspect, the growing complexity of today's in-vehicle communication architectures places increasing demands on test platforms.
With a broad set of products and solutions for simulation and validation of bus & network communication, dSPACE supports customers at all stages of development, from early functional testing in a software-in-the-loop environment to testing of an integrated ECU network in a hardware-in-the-loop setup. The well-established dSPACE real-time simulators also provide a versatile platform for various types of cybersecurity testing, e.g., conformance testing to demonstrate functional correctness, penetration testing to uncover possible vulnerabilities, and fuzz testing to check for hidden edge cases. With access to the bus & network communication at run time, a broad range of reproducible attacks can be simulated, e.g., via manipulation (man-in-the-middle, denial-of-service, tampering), monitoring (spying), and data logging & replay (spoofing, replay attacks).
dSPACE supports the relevant security protocols throughout the whole tool chain, e.g., MACsec, IPsec, TLS, and SecOC. These protocols play an important role in ensuring the above-mentioned key attributes of secure communication: authenticity, integrity, and confidentiality. Together with security-specialized partners, we offer customers end-to-end solutions well suited to performing the required cybersecurity tests, e.g., validating TLS-protected Ethernet communication [3].
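To make the three key attributes and the attack classes above concrete, here is an added illustration (not dSPACE code and not a SecOC implementation) of a SecOC-style receiver check: a truncated MAC over data ID, freshness counter and payload gives authenticity and integrity, and a monotonic counter rejects replays. HMAC-SHA256 stands in for the AES-CMAC that SecOC profiles normally use, the 16-byte key and the 32-bit MAC truncation are assumptions, and the scenario function shows which check catches tampering, replay and spoofing.

```python
import hmac
import hashlib
import struct

KEY = bytes(range(16))      # constructed demo key; on a real ECU this lives in an HSM
MAC_LEN = 4                 # assumed truncation; SecOC profiles truncate the MAC too


def protect(key, data_id, counter, payload):
    """Build an authenticated PDU: payload || 32-bit freshness counter || truncated MAC."""
    authenticated = struct.pack(">HI", data_id, counter) + payload
    tag = hmac.new(key, authenticated, hashlib.sha256).digest()[:MAC_LEN]
    return payload + struct.pack(">I", counter) + tag


class Receiver:
    """Receiver-side verification: MAC first (authenticity/integrity), then freshness (replay)."""

    def __init__(self, key, data_id):
        self.key = key
        self.data_id = data_id
        self.last_counter = -1      # highest counter accepted so far

    def verify(self, pdu):
        if len(pdu) < 4 + MAC_LEN:
            return ("reject", "truncated")
        payload = pdu[:-4 - MAC_LEN]
        counter = struct.unpack(">I", pdu[-4 - MAC_LEN:-MAC_LEN])[0]
        tag = pdu[-MAC_LEN:]
        authenticated = struct.pack(">HI", self.data_id, counter) + payload
        expected = hmac.new(self.key, authenticated, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return ("reject", "mac_mismatch")   # tampered payload or wrong (spoofed) key
        if counter <= self.last_counter:
            return ("reject", "replay")         # valid MAC, but stale freshness value
        self.last_counter = counter
        return ("accept", payload)


def run_scenarios():
    """Feed a genuine, a tampered, a replayed and a spoofed PDU to one receiver."""
    rx = Receiver(KEY, data_id=0x0123)
    results = {}
    good = protect(KEY, 0x0123, 1, b"\x10\x00")
    results["genuine"] = rx.verify(good)[0]
    tampered = bytearray(good)
    tampered[0] ^= 0xFF                          # flip a payload byte in transit
    results["tampered"] = rx.verify(bytes(tampered))[1]
    results["replayed"] = rx.verify(good)[1]     # same valid PDU logged and resent
    spoofed = protect(b"\x00" * 16, 0x0123, 2, b"\x10\x00")   # sender without the real key
    results["spoofed"] = rx.verify(spoofed)[1]
    results["next_genuine"] = rx.verify(protect(KEY, 0x0123, 2, b"\x20\x00"))[0]
    return results
```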
Additionally, dSPACE Consulting offers comprehensive support for your projects, combining the required technical know-how with many years of practical experience. Together, we will be prepared for the upcoming challenges of validating vehicle safety and cybersecurity.
About the Author
Dr. Matthias Pukrop
Product Engineer, Real-Time Test & Development Solutions, dSPACE GmbH