The Firmware Security Module (FSM) is a software-based solution that retroactively protects control units against novel cyberattacks — even without dedicated security hardware or with hardware that cannot be updated. To achieve this, the FSM uses a processor core isolated specifically for this purpose or a virtual machine (VM) within the control unit. This means the cryptographic algorithms are not fixed by the hardware and can be flexibly adapted to current developments (crypto agility).

With FSM, OEMs gain a flexible and effective way to retrofit existing systems with the security mechanisms currently required. Especially in the context of Software Defined Vehicles (SDVs), the crypto agility of FSM is crucial to ensure data protection throughout the entire lifecycle of the vehicle. 

IAV quantumSAR is an AUTOSAR-compliant crypto driver that can easily be integrated into existing systems and enables the implementation of updatable encryption algorithms. The open-source project is publicly available and can be individually customized or developed.

The encryption algorithms can be executed on a conventional microcontroller — and according to current scientific knowledge, they remain secure even against attacks by quantum computers. Currently, these include the four cryptographic methods standardized by NIST: FIPS 203, FIPS 204, FIPS 205, and FIPS 206. In this way, IAV ensures that vehicles remain protected against cyberattacks in the future.

In our Cybersecurity Lab, we combine the expertise of our experienced security specialists with state-of-the-art tools and the necessary hardware to support our comprehensive portfolio of services. This is also where IAV conducts its research in the field of cybersecurity. By merging up-to-date knowledge with years of experience, we are able to identify, analyze, and eliminate cybersecurity vulnerabilities.

One of the highlights of the Cybersecurity Lab is the prototype-safe shielding cabin used for penetration testing of passenger cars and small commercial vehicles. In this enclosed environment, we can simulate attacks via WiFi or 5G. Remote attacks are among the most critical attack vectors, making the shielding cabin an indispensable tool for securing vehicles.

Our services support OEMs throughout the entire lifecycle of their vehicles — from development and validation to long after the start of series production. Independent of specific products, we offer cybersecurity consulting that reflects the current state of research and technology. The Cybersecurity Lab is also where products like IAV Quantum SAR were developed as open-source solutions for updatable encryption algorithms. 

The ACDC enables vehicles in the field to be monitored and detects security vulnerabilities. It empowers cybersecurity experts to respond quickly and effectively to detected threats, providing continuous protection throughout the vehicle's lifespan. 

With the advent of quantum computers, cybersecurity will undergo fundamental changes. Quantum computers have the ability to perform special calculations at a speed that is impossible for conventional computers. This has direct implications for the security of our digital systems.

A simple example: Let's assume that a connected vehicle uses conventional encryption methods to secure communication between the vehicle and the infrastructure. This encryption is based on mathematical problems that are very difficult for today's computers to solve, making the data transmission secure. However, a quantum computer could solve these mathematical problems in a fraction of the time it would take a conventional computer. This means that the encryption protecting the vehicle could effectively be hacked, giving attackers access to critical systems and sensitive data.

In penetration testing, we work our way layer by layer into the vehicle’s interior — from remote attacks to intrusion attempts via local and network access, all the way to attempted manipulation of control units. In doing so, we leverage our expertise in embedded systems and draw on the extensive knowledge of IAV experts across all domains of vehicle development.

Our specialists are also well connected within the cybersecurity community and stay up to date with current trends in the field. This enables us to replicate in the lab all attack techniques that potential adversaries are likely to use.

We examine components and systems, up to and including the entire vehicle. With our expertise, we support our customers throughout the entire lifecycle of their vehicles—from development and validation to post-SOP troubleshooting. We place particular emphasis on end-to-end security: our tests ensure that cybersecurity is consistently maintained during data exchange between control units and external systems such as the cloud or smartphones.

A key tool in this process is our shielding cabin, which allows us to simulate attacks via WiFi or 5G. It is prototype-safe and suitable for testing passenger cars and small commercial vehicles. This ensures our customers can confidently meet the requirements of current standards such as UNECE R155, ISO 21434, the EU Cybersecurity Resilience Act, and ISO 24882.