QAC Emerging Technologies Quality Assurance
FOCUSED ON THE FUTURE
Welcome to the twelfth edition of the EmTech newsletter. In this edition, we’ll be sharing more about state-of-the-art of automotive cybersecurity. Now that we have discussed the types of cyber-attacks in CAV as well as the defense mechanisms available in previous newsletters, we will now revisit these topics but focus on industry offerings and practices as opposed to those recommended in the academic research community.
Keeping you informed
Our emerging technologies quality assurance workstreams
Industry offerings for cybersecurity
It is important to note that the focus on CAV research is equally strong in both industry and in academia. Many companies have begun to research into CAVs and develop their solutions for certain aspects of the concept. This newsletter will focus on organizations who have begun to research and develop security solutions for the emerging sector. Various industry services/offerings can be grouped in three different areas: Cybersecurity Solutions for CAVs, Cybersecurity Testing Services for CAVs, and Environment Simulation for CAVs.
Cybersecurity solutions for CAVs
For example, Trustonic currently offers a specific solution for secure digital mobile keys. This solution enables vehicle owners to replace traditional car keys and fobs with a secure digital key on their mobile.They provide a successful case study using this solution with the popular car manufacturer Hyundai. The company also provides various other solutions, such as their Trusted Execution Environment focused around securely executing code in vehicles.
Companies such as Escrypt and Blackberry Certicom have solutions developed for a Secure Credential Management System. These systems are based on Elliptical Curve Cryptography tailored to a Public Key Infrastructure for CAVs and Lynk & CO.
Last but not least, Penta Security has been developing several cybersecurity tools for CAVs since 2007 and now provides them under their solution suite called AutoCrypt. AutoCrypt contains many solutions for vehicle security, such as implementing secure communications within a vehicle, controlling traffic flow, key management, and malicious access detection.
Cybersecurity testing services for CAVs
Aside from the development of cybersecurity solutions,many vendors have begun to offer cybersecurity testing services for CAVs. As with any technology, when developing a solution, it is important to consider the security of the system early on.
As such, many of these companies offer their expert knowledge to identify vulnerabilities in the design, code, execution environment, and more. These organizations have dedicated teams that are well-versed in “CAV concepts and security best practices”. Thus, they leverage this skill to provide consultation services.
Similarly, Synopsys is another organization that offers cybersecurity testing and consultation services for CAVs. Their offerings are similar to Nettitude and their service also focuses on a review of the entire systems development lifecycle and supply chain. This would include testing of the CAN bus, the vehicle ecosystem, embedded code review, and more to provide a wide range of services as needed.
The tech-giant, IBM, has also extended its consulting services to include automotive security through the X-Force Red division. This team is a special unit within IBM offering penetration testing services. Their offering for automotive security includes security design, testing, and remediation services. The team consists of experts and experienced hackers to conduct manual tests and identification of vulnerabilities in the system, and also leverage IBM’s comprehensive Threat Landscape resources. Similar to cybersecurity solutions, it can be expected that vendors offering cybersecurity services will also continue to grow as the technology is developed.
Environment simulation for CAVs
Companies such as Spirent and DanLaw, both offer their own unique environment simulation toolsets. The solutions are designed to test individual or multiple Electronic Control Units against a simulated environment. The solution usually consists of many components such as an emulation software for other vehicles and v2x devices, a radio frequency transmitter for producing the communications to the ECU, and GPS signal transmitters to list a few. The goal of these companies is to provide a virtual environment where testing for CAV development can be completed. This can include testing of cyber-attacks, which, for example, Spirent offers through their V2X testbeds. Alternatively, agencies such as Invest Ottawa have also spun up initiatives such as Ottawa L5, which provides a full testing ground for the development of CAVs. These facilities include isolated tracks and roads that offer infrastructure supporting V2X communications. They also provide an environment through which cyber-attacks and threats can be safely researched and developed. In short, through multiple means, companies are providing solutions that can be used for the development and testing of the cybersecurity of CAVs to simulate real-world scenarios.
During this initial phase of development in connected and autonomous vehicles, cybersecurity testing and consulting services maybe very valuable for organizations to develop secure solutions. One method to test a developed solution or service is to run it through a simulated environment, and as such a few companies have begun to offer environment simulation tools for the development of V2X solutions.