Automotive Security

Security analyses of control units, on-board network architectures and communication links

We provide safety tests for control units, on-board network architectures and communication connections.

Almost all functions of modern vehicles are controlled by electronic control units. At the same time, there are more and more connections to the outside world via which potential attacks are possible: Wireless and wired local interfaces, such as for keyless entry, tire pressure sensors or the connection to a smartphone, telematics interfaces for remote diagnosis and e-Call, new Vehicle2X interfaces of all kinds and a large number of special applications for commercial  and emergency vehicles.

Cyber security for vehicles

Operational and traffic safety has long been a central goal in vehicle development: the environment and occupants should be protected from vehicle malfunctions. The introduction of new interfaces increases the risk of malfunctions being caused by external manipulation. The vehicle itself must now be protected from its potentially malicious environment.

Where operational safety can be based on statistically tangible error probabilities, cyber-security is confronted with creative and insidious attackers. Implementing, testing and evaluating cyber security, for example according to SAE-J3061, therefore requires a completely different approach. The Fraunhofer SIT test laboratory, which has been in existence since 2000, has the necessary experience to carry out meaningful security analyses.

Simulation of operational environment

Control units communicate with other control units, sensors and actuators. Only if this communication takes place as expected does the ECU enter its normal operating state.

For testing ECUs outside the vehicle, it is therefore necessary to simulate the expected environmental conditions in the laboratory. We have various options such as adapters for common bus systems (e.g. CAN, LIN, Flexray, MOST, Automtive Ethernet) and a hardware-in-the-loop test environment. Radio interfaces can be simulated using software-defined radio.

Concept reviews, automated and manual tests

Depending on your requirements and the development status of the test object, we support you by reviewing and evaluating security concepts, testing security measures and conducting practical penetration tests.

Our self developed test tools for automotive protocols such as ISO-TP, UDS, and SOME/IP allow us to easily make necessary adjustments for each test object. Nevertheless, we put great emphasis on manual practical tests, because only in this way the individual properties of each individual test object can be fully taken into account.

Comprehensive reports

Upon completion of the analysis, you will receive an individually formulated, detailed report from us that specifically addresses the test object and its environment. We attach particular importance to the explanation of all identified weaknesses and practical suggestions for their elimination.