As modern vehicles become more connected, autonomous, and generally more software-defined, the automotive industry faces new cybersecurity challenges. While new features in the areas of advanced infotainment services, V2X applications, and ADAS/AD functions greatly enhance the overall driving experience, they inevitably enlarge the attack surface available to cyber attacks and pose a real security risk.
Regulation and Standards for More Security
As a countermeasure, United Nations Economic Commission for Europe (UNECE) regulation UNECE WP.29 R155 was introduced to harmonize cybersecurity requirements and processes throughout the automotive industry. It requires vehicle manufacturers to consider cybersecurity at all stages of development and throughout the life cycle of a vehicle. A key component of the regulation is the establishment of a cybersecurity management system that includes the analysis of threats and risks, the development and implementation of appropriate countermeasures, and monitoring and logging to analyze incidents. The automotive industry itself has introduced a reference implementation in the form of the ISO/SAE 21434 standard (Road vehicles – Cybersecurity engineering). ISO/SAE 21434 describes a risk-driven approach for processes targeting organizational, engineering, continuous, and distributed activities, while also laying out a common language and common methods to harmonize the understanding of cybersecurity.
The left side of the figure shows the contents of ISO/SAE 21434; the middle diagram shows the typical ISO/SAE 21434 process flow. Cybersecurity goals and suitable controls are derived from the threat analysis and risk assessment (TARA), and the corresponding concept and requirements are incorporated into the development cycle. Our cybersecurity testing solutions support all necessary verification and validation activities during development, accompanied by holistic process consulting.
Cybersecurity Testing
An essential prerequisite for compliance with the new regulation and standard is sufficient testing to verify the specification of the implemented cybersecurity controls and to validate the corresponding cybersecurity goals. Beyond regulatory compliance, establishing a mature cybersecurity test strategy is essential for modern vehicle software development, which is increasingly performed through CI/CD/CT pipelines (continuous integration, continuous delivery, continuous testing). Depending on the development stage, different test types are suitable and can act as cybersecurity quality gates.
At the pure code level, methods such as static code analysis, unit testing, and vulnerability scanning are commonly used. Moving on to virtual and physical ECUs, SIL- and HIL-based cybersecurity testing can bridge the gap towards the mandatory vehicle penetration testing within the type approval process. SIL- and HIL-based cybersecurity testing should include functional and conformance testing, to ensure correct behavior according to the specifications, and offensive testing, such as fuzzing and penetration testing, to minimize unidentified vulnerabilities and weaknesses that could be exploited for malicious purposes. Importantly, SIL and HIL test systems provide a realistic test environment for the system under test and allow real-life attacks to be simulated at component level as well as at vehicle level.
Each of these types of cybersecurity testing has its own purpose, they complement each other, and some can be highly automated. Early and continuous cybersecurity testing is key to avoiding late findings and to minimizing remaining vulnerabilities.
dissecto HydraVision: Detect Vulnerabilities. Eliminate Risks.
HydraVision is an intuitive and scalable security testing framework that helps organizations:
- Integrate and scale security testing throughout the entire development lifecycle to ensure compliance with demanding industry standards and minimize costly errors in late development phases.
- Use customizable and flexible test case templates to accelerate large-scale exploratory testing and meet system-specific requirements.
- Increase efficiency through automated security testing, reduce manual effort, and ensure continuous, repeatable, and comprehensive validation.
Whitepaper: "From HARA and TARA to Risk-Based Safety and Security Dependency Testing"
In our whitepaper, we describe a tool-supported analysis method, aligned with automotive standards, that identifies safety and security dependencies and automatically derives test cases. These test cases can be imported into the existing dSPACE XIL tool chain, which improves efficiency by reducing time-consuming manual work and the susceptibility to errors.
Secure In-Vehicle Communication
A necessary condition for cybersecurity is the establishment of secure communication channels in the vehicle to protect safety-critical functions and private data. To ensure the authenticity, integrity, and confidentiality of the transmitted data, various security protocols are used at the bus and network level, e.g., MACsec, IPsec, (d)TLS, SecOC.
Once these mechanisms are implemented and activated in an ECU, any testing becomes more challenging, since the test platform that simulates the in-vehicle network must itself support all relevant security protocols in order to communicate properly with the ECU.
The dSPACE bus and network tool chain supports the relevant security protocols at bus and network level, including an interface for integrating OEM-specific implementations as well as various manipulation options, such as authentication invalidation, overwriting the freshness value, and recalculation of authentication signatures.
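To make concrete what a test platform has to get right once an ECU enforces SecOC-style message authentication, here is an added example that is not dSPACE code and not taken from the page. It models the receiver-side check an ECU performs on a secured PDU (payload, truncated freshness value, truncated authenticator) and then exercises the three manipulation options named above: invalidating the authenticator, overwriting the freshness value with a replayed or stale counter, and recalculating the authenticator after a payload change. HMAC-SHA256 stands in for the AES-CMAC that AUTOSAR SecOC normally uses; the key, data ID, truncation lengths and acceptance window are constructed assumptions for the demo, not values from any real ECU.

```python
"""Simplified SecOC-style secured-PDU verification (added example, not dSPACE code)."""
import hashlib
import hmac
import struct

# All constants below are constructed for the demo (assumptions, not real ECU values).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # demo key; real keys live in the HSM
DATA_ID = 0x0123        # SecOC data identifier of the PDU under test
FV_TX_BYTES = 1         # bytes of the freshness counter actually sent on the bus
MAC_TX_BYTES = 3        # bytes of the authenticator actually sent on the bus
FV_WINDOW = 16          # how far ahead of the last accepted counter a PDU may be


def compute_mac(data_id: int, payload: bytes, freshness: int) -> bytes:
    """Truncated authenticator over DataID || payload || full freshness value.
    HMAC-SHA256 is a stand-in for CMAC-AES-128 (assumption)."""
    msg = struct.pack(">H", data_id) + payload + struct.pack(">Q", freshness)
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:MAC_TX_BYTES]


def build_secured_pdu(data_id: int, payload: bytes, freshness: int) -> bytes:
    """What the test platform must emit: payload || truncated FV || truncated MAC."""
    fv_low = freshness & 0xFF
    return payload + bytes([fv_low]) + compute_mac(data_id, payload, freshness)


class SecOCReceiver:
    """Receiver-side logic of the ECU: reconstruct freshness, check window, check MAC."""

    def __init__(self) -> None:
        self.last_fv: dict[int, int] = {}   # data_id -> last accepted full counter

    def _reconstruct_fv(self, data_id: int, fv_low: int) -> int:
        # Upper bits come from the last accepted counter, the low byte from the PDU;
        # if that is not strictly newer, assume the low byte has wrapped once.
        last = self.last_fv.get(data_id, -1)
        candidate = (max(last, 0) & ~0xFF) | fv_low
        if candidate <= last:
            candidate += 0x100
        return candidate

    def verify(self, data_id: int, pdu: bytes) -> str:
        if len(pdu) < 1 + FV_TX_BYTES + MAC_TX_BYTES:
            return "MALFORMED"
        payload = pdu[:-(FV_TX_BYTES + MAC_TX_BYTES)]
        fv_low = pdu[-(FV_TX_BYTES + MAC_TX_BYTES)]
        mac = pdu[-MAC_TX_BYTES:]
        fv = self._reconstruct_fv(data_id, fv_low)
        last = self.last_fv.get(data_id, -1)
        if fv - last > FV_WINDOW:            # replay, stale or jumped counter
            return "FRESHNESS_REJECTED"
        if not hmac.compare_digest(mac, compute_mac(data_id, payload, fv)):
            return "MAC_INVALID"             # payload or authenticator tampered
        self.last_fv[data_id] = fv           # only a fully verified PDU advances the counter
        return "OK"


def run_scenarios() -> dict[str, str]:
    """Drive the receiver with constructed PDUs covering the manipulation options."""
    rx = SecOCReceiver()
    payload = bytes([0x10, 0x20, 0x30, 0x40])
    results = {}
    good5 = build_secured_pdu(DATA_ID, payload, 5)
    results["valid"] = rx.verify(DATA_ID, good5)                       # OK
    results["replay"] = rx.verify(DATA_ID, good5)                      # same counter again
    good6 = build_secured_pdu(DATA_ID, payload, 6)
    results["tampered_payload"] = rx.verify(DATA_ID, b"\xff" + good6[1:])          # MAC no longer matches
    results["invalidated_mac"] = rx.verify(DATA_ID, good6[:-1] + bytes([good6[-1] ^ 0x01]))
    results["recalculated_mac"] = rx.verify(DATA_ID, build_secured_pdu(DATA_ID, b"\xff" + payload[1:], 6))
    results["stale_counter"] = rx.verify(DATA_ID, build_secured_pdu(DATA_ID, payload, 3))
    results["counter_jump"] = rx.verify(DATA_ID, build_secured_pdu(DATA_ID, payload, 40))
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:18s} -> {verdict}")
```

The order of the checks matters for interpreting test results: a replayed frame is rejected on the freshness check before its (otherwise valid) authenticator is even examined, whereas a frame with a fresh counter but a modified payload fails only at the MAC comparison. A platform that merely records and replays bus traffic therefore cannot pass the first check, and only a platform holding the key (or an OEM-specific interface to it) can produce the "recalculated_mac" case that the ECU accepts.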
X-in-the-Loop Platforms Are Well-Suited for Cybersecurity Testing
dSPACE supports you in meeting the challenges of cybersecurity testing. The combination of dSPACE X-in-the-loop test platforms with specialized cybersecurity service providers ensures a unique end-to-end solution that covers all aspects of cybersecurity testing. The HIL and SIL platforms bring the technical preconditions, such as real-time support, bus and network support, a functional simulation environment, and dynamic monitoring capabilities. Additionally, a SIL platform, as a purely virtual environment, allows testing even earlier and comes with the advantages of high scalability and extensive debugging options.