Security & Privacy
Security and privacy are among the top issues in automotive development. Current UNECE WP.29 and ISO/SAE 21434 requirements bring new challenges. For more than 15 years, IAV has been working on concepts for protecting communications within and from vehicles and safeguarding them over the entire life cycle.
Communication within and beyond the vehicle is constantly increasing. The interconnectivity of vehicles with each other and with the surrounding infrastructure (e.g. traffic lights or car parks) is constantly opening up new possibilities, but is also causing additional vulnerabilities for cyber attacks. Every software function and all updates to the control units require reliable protection against hacking. This is where the close connection between security and safety becomes apparent – for example, in vehicles with drive-by-wire control (function control via electrical instead of classic, mechanical connection), successful hacking attacks on IT or the vehicle can have fatal consequences. However, the theft of sensitive data, such as that generated by in-car payment services or the connection of smartphones to vehicles, also has serious consequences.
The relevance is also reflected in the first internationally binding standard on cyber security and software updates. ISO/SAE 21434 is a framework that defines requirements for cyber security-focused workflows. Through it, the Working Party on Automated/Autonomous and Connected Vehicles (GRVA) within the UNECE Economic Commission is creating a technical standard for automotive development and cyberattack prevention. The regulations are to be mandatory for type approvals from 2022 and for all new registrations from 2024.
Our specialists deal with all aspects of Security & Privacy. They develop digital access and driving authorization systems as well as complete systems and concepts for vehicle electronics that meet all security requirements using current methods for authentication and encryption. Embedded Security has been an important topic at IAV for more than 15 years. We support our customers from analysis to SOP – and beyond: Because the Security & Privacy of a vehicle is always under scrutiny. Algorithms that seem secure today may be easily overcome tomorrow by new methods or much faster hardware. This can only be prevented by permanently updating the vehicle software.
"Security has to be an integral part of the design instead of being imposed on existing solutions as an add-on response. There's no safety without security."
— Electronics & Security Divisional Manager
"We have a strong security awareness at IAV. We are in a highly dynamic environment and want to stay one step ahead of the attackers."
— Head of the Embedded Security department
Through our partnerships with universities in the fields of IT security, secure engineering and computer science, we are always at the cutting edge of research and technology. We also develop our own tools such as the “Automotive Cyber Defense Center” (ACDC), which detects and analyzes incoming attacks and initiates countermeasures. This enables us to provide OEMs and suppliers with expert advice on all security and privacy issues. We provide them with security concepts and secure production software, and we also take care of supplier support and security tests. Our goal: We always want to be one step ahead of the attackers – without this leading to restrictions for the users.