Product Security Evaluation Services for Automotive
The rise of Autonomous Vehicles (AVs) and Connected Cars (CCs) is bringing new challenges to the automotive industry. Cutting-edge technologies such as artificial intelligence and machine learning, computer vision, high connectivity, cloud computing, complex OS, IoT and Cyber Security are merging into what will become a new industry paradigm. The applications of vehicle-connecting capabilities such as Vehicle-to-Everything (V2X) technology seem endless.
Security evaluations in the automotive industry
The automotive market still lacks specific security assessment frameworks. Until very recently, systems and methodologies in this domain were driven by safety alone. While safety and security are closely related, safety is driven by likelihood and statistics, whereas security is driven by the potential of particular attack scenarios.
Security evaluations can be applied to the different trust domains in the automotive market. An evaluation identifies the product's security functionality and its strength, giving the rest of the trust domain full visibility of the product's compliance with the security requirements of that particular domain. Security evaluation can take different shapes depending on the trust domain. For in-car systems, typical scenarios involve working on the CAN bus: performing remote attacks on CAN transceivers, or performing fuzzing operations on CAN bus lines and other accessible transmission and input lines.
Certification programmes
Security evaluations can be conducted using Common Criteria and SESIP-based methodologies to demonstrate readiness for or compliance with:
- GDPR
- J3061
- ISO 21434
- UNECE WP.29
- C2C V2X
- C-ITS
Automotive Standards & Recognitions
C2C V2X
ISO/SAE 21434
ISO 26262
TISAX
UNR 155
UNR 156
FIPS 140-2
FIPS 140-3
WP.29
Product types
Gateways
HSMs
ECUs
Back-end systems
Infotainment
TCU