As modern vehicles become more connected, autonomous, and generally more software-defined, the automotive industry faces new cybersecurity challenges. While new features in the areas of advanced infotainment services, V2X applications, and ADAS/AD functions greatly enhance the overall driving experience, they inevitably increase the attack surfaces for cyber attacks and pose a real security risk.
Are you prepared for the upcoming cybersecurity challenges?
In this video, Matthias Pukrop, Product Engineer, Real-Time Test & Development Solutions, dSPACE GmbH, discusses the topic of automotive cybersecurity testing. Watch this Innovation Coffee Break episode to get an overview of the current challenges in automotive cybersecurity and find out what solutions dSPACE can offer you in this area.
Regulations for More Security
As a countermeasure, United Nations Economic Commission for Europe (UNECE) regulation UNECE WP.29 R155 was introduced, requiring vehicle manufacturers to consider the issue of cybersecurity at all stages of development and throughout the life cycle of a vehicle. A key component of the regulation is the establishment of a cybersecurity management system that includes the analysis of threats and risks, the development and implementation of appropriate countermeasures, and monitoring and logging to analyze incidents. The automotive industry itself has introduced a reference implementation in the form of the ISO/SAE 21434 standard (Road vehicles – Cybersecurity engineering).
Analysis of Risks and Establishment of Secure Communication
An essential prerequisite for compliance with the new regulation and standard is sufficient testing of the implemented cybersecurity countermeasures. The latter should be designed based on the results of the threat analysis and risk assessment.
A necessary condition for cybersecurity is the establishment of secure communication channels in the vehicle, which is essential for protecting safety-critical functions. To ensure the authenticity, integrity, and confidentiality of the transmitted data, various security protocols are used at the bus and network level (e.g., MACsec, IPsec, TLS, SecOC). Accordingly, a suitable test platform must support all relevant bus and network protocols in the vehicle, including their security features and various manipulation options.
Different Test Scenarios
The most common types of cybersecurity testing at the component and system level are:
- Conformance testing: Verifying functional correctness based on regulations and standards
- Vulnerability scanning: Scanning and testing for known vulnerabilities
- Fuzzing: Finding edge cases, code errors, and implementation flaws
- Penetration testing: Attempting to penetrate the system and exploit vulnerabilities
All these different types of cybersecurity testing have their own necessity and complement each other, and some can be highly automated. In addition to regulatory compliance, establishing sophisticated cybersecurity testing procedures is essential for modern vehicle software development, which is increasingly performed through CI/CD/CT pipelines (continuous integration, continuous delivery, continuous testing).
A Strong Partner Network for Security
dSPACE works with an open partner network of established cybersecurity service providers to meet each customer's individual requirements.
By using dSPACE HIL platforms, the cybersecurity partners bring extensive know-how and experience to perform the required cybersecurity tests, such as conformance tests, vulnerability scans, fuzzing, and penetration tests. Importantly, dSPACE works with multiple partners to meet customer-specific cybersecurity test requirements, e.g., technical, organizational, legal, and geographical constraints.
Together with its open partner network, dSPACE offers a complete end-to-end solution for cybersecurity testing in HIL environments: From threat analysis and risk assessment to test case generation, test execution, and evaluation of test results.
- Complete solution for cybersecurity testing in a HIL environment, from consulting to test case generation, setup, execution and evaluation
- Additional benefit for existing customers:
Use existing dSPACE systems for cybersecurity testing
Integrate cybersecurity aspects into existing test infrastructure
- Combine functional safety and cybersecurity testing
- Use the open partner network to address different customer-specific constraints
Hardware-in-the-Loop Platforms Are Well-Suited for Cybersecurity Testing
dSPACE supports you with meeting the challenges of cybersecurity testing. The combination of dSPACE hardware-in-the-loop test platforms with specialized cybersecurity service providers ensures a unique end-to-end solution that covers all aspects of cybersecurity testing.
The advantages of hardware-in-the-loop (HIL) platforms for cybersecurity testing are:
- Cost savings and increased efficiency by leveraging existing HIL test infrastructure for cybersecurity testing
- Real-time environment to ensure deterministic and reproducible behavior
- Extensive capabilities to dynamically track the response of the device under test
- Put the device under test into defined operating modes to simulate real-world operational behavior
- Support for all relevant bus and network security protocols throughout the tool chain, e.g., MACsec, IPsec, TLS, SecOC
- Various runtime manipulation capabilities to simulate a wide range of real-world attacks, e.g., spoofing, tampering, denial of service
- Suitable platform for relevant cybersecurity test types, e.g. conformance testing, vulnerability scanning, fuzzing, penetration testing
- Combination of functional safety testing with cybersecurity testing to address dependencies between safety and security
Together with the general benefits such as full automation, scalability, efficiency, and remote access, dSPACE HIL systems help to increase the process maturity of cybersecurity testing.