Nowadays, information technology is an integral part of modern vehicles. Automotive on-board networks consist of up to 100 electronic control units that realize various vehicle functions and communicate with each other and the outside world via different communication interfaces. Vehicles communicate with their manufacturer’s backend systems and are connected to the Internet or mobile end user devices. In the near future, Car2X communication will add the communication with other vehicles and the traffic infrastructure as well.
On the one hand, this will yield a multitude of new applications in the infotainment area and increase safety and efficiency for traffic participants. On the other hand, it will also result in new threats for data protection and data security. Suitable IT security measures must be taken into consideration already during the design phase (security by design) of such safety-critical systems. Suitable solutions have to meet specific automotive requirements, which frequently demand the development of new security concepts. Vehicles also record a lot of personal data that may allow conclusions with regard to driving behaviour or whereabouts. This is why it is necessary to realize suitable measures for privacy protection from the very beginning (privacy by design).
Fraunhofer SIT addresses the security and data protection aspects in the automotive environment. The institute has wide experience in carrying out security analyses and in designing and realizing hardware and software solutions within the automotive context. The institute offers specifically:
- Security analyses of electronic control units, entire electrical systems, and communication links
- Development of software and hardware based security solutions for electronic control units and vehicle’s electrical systems
- Integration of hardware security modules into automotive architectures
- Design and development of hardware and software based attestation protocols to verify the integrity of control devices
- Development of processes for securing communication links (in-car, C2X, connected mobile devices)
- Development of procedures for secure remote software updates and remote maintenance
- Secure integration of mobile devices and cloud services
- Analysis of data protection aspects regarding their compliance with regulatory requirements and development of new procedures to ensure vehicle’s data protection requirements
- Secure software development in the automotive environment
Fraunhofer SIT is running an Automotive Security Test Lab to analyse hardware and software components used in the automotive field. The Automotive Security Test Lab facilitates penetration tests (white box, grey box, and black box) of both individual components and larger systems as well. The test lab will be expanded continuously in order to accommodate current customer requirements concerning security tests.
Fraunhofer SIT has many years of experience in carrying out security tests and developing secure automotive systems, particularly within the Car2X context. Past and current projects include among others: