Security partners for the industry
The combination of automated or semi-automated physical features with connected technologies may introduce significant security and safety risks to modern vehicles. This is a well-known challenge, especially after incidents such as the Jeep hack and the Tesla hack received mass media attention.
In order to improve vehicle security and safety, one needs to harden not only safety-critical components but also any other component they are connected to. The security challenges at a component level should be addressed with a combination of robust software and hardware security mechanisms. Software security is critical in order to protect the ECUs from remote attacks, while hardware security should be used to support firmware confidentiality and authentication, protect cryptographic secrets and provide countermeasures against software exploitation.
Tools - Riscure Huracan
Huracan can be easily integrated in your existing test bench to guarantee a baseline security of an ECU
Training - Embedded Security for Automotive
Essential security insight on building robust automotive hardware
Key questions we can help you with
I am developing a new solution for which I want a robust security result, where do I start?
Our Security Canvas workshop is a custom module with which your development team can engage with our security analysts to define valuable assets, attacker profile, threads and attack trees. The result of the workshop is clear security guidance for your development team to embed in the solution.
Can you verify and improve the security level of my automotive solution?
We can offer an extensive range of services like review of individual components (SOC, ECU microcontroller, etc), communication protocols and automotive network design in terms of attack surface, secure boot, cryptographic functionality, robustness of countermeasures, review of TEE/OS, and so on.
I have implemented Secure Boot, use a TEE and an HSM to protect keys. Is my vehicle secure?
Adding security features alone won’t make a solution secure. We can participate from the development process onwards with threat modeling, secure design as well as testing and verification along the development path.
How can I protect against IP theft and reverse engineering?
We have over a decade of experience of testing for hardware level attacks with the aim to extract firmware. Our analysts will be able to confirm the risk level associated with your solution.
How can I protect V2V/V2I deployments?
Riscure has supported several industries who have extensive experience with secure communication protocols, including secure OTA updating. We will not only review the design, but also effectively test for cryptograhpic robustness.
Protect your firmware!
While testing for logical attack paths is very important... do not underestimate how a hardware attack can extract firmware from a control unit to create a "white box" and from there trigger scaleable logical attacks much more easily. Firmware protection is not only IP protection, but also prevents an easy path to logical attacks.
- Contact us
Pascal van Gimst
- Vice President Global Services Sales and Business Development