Solutions for Cybersecurity

Consulting, Software Tools and Embedded Software

What is the Vector Solution for Cybersecurity?

Cybersecurity is the protection against unauthorized

access to functions and the targeted manipulation of data.

That is why ECU software and vehicle communication are

protected based on security objectives in terms of integrity,

authenticity and confidentiality.

Vector offers the following solutions for efficient imple-

mentation of these goals:

Consulting: Concept development, security testing, tool

support and trainings

Embedded software: AUTOSAR basic software, Flash

Bootloader, software stack for Hardware Security

Modules (HSM)

Tools for testing security-protected ECUs and for fuzz

testing

Overview of Advantages

Broad know-how for the introduction of cyber-

security in your automotive projects

Hands-on experience in the integrated development

of safety and security concepts

Vector SecurityCheck and effective implementation

of security standards, e.g. SAE J3061, ISO 21434

Security consulting services and independent

supplier audits

Vector’s cryptographic library: optimized in terms of

performance and minimized resource requirements

Proven AUTOSAR BSW modules that you can

configure easily and quickly

Enhanced security and improved performance

through execution of selected modules on the HSM

Efficient creation and execution of automotive fuzz

tests with vTESTstudio and CANoe

Security Manager: Uniform and secure interfaces

for the use of cryptographic material (keys, certif-

cates) by Vector tools

Consulting

Security Engineering

Vector supports you in effectively implementing the newly

released standard ISO 21434 with experience from our

many projects with OEMs and Tier-1s. We also offer advise

on the combination of ISO 21434 with ASPICE, ISO 26262

and UNECE CSMS/SUMS. As a ready-to-use “starter kit”,

we deliver the Vector SecurityCheck with risk analysis

(TARA) and process evaluation. Our security experts offer,

among other things, automotive-specific coaching and

training on cybersecurity, defensive coding, etc.

Security Consulting for ECUs and Vehicles

Vector analyzes existing or creates new security concepts

and develops security requirements based on threat

Security mechanisms in an example vehicle architecture

V2.2 | 2021-10

Fact Sheet Solution for Cybersecurity

www.vector.com/contact

integration of security services in AUTOSAR ECUs. It offers

the following features and functions:

Basic cryptographic functions such as hash, random num-

ber generator, MAC/signature generation and verification

Functions for secure key storage, for symmetric and

asymmetric cryptographic algorithms and support of

Secure Boot

Modular and configurable software for optimal adapta-

tion to your use case

The firmware can be adapted to your requirements by

various add-ons and by customer-specific extensions.

Flash Bootloader

The Vector Flash Bootloader (FBL) contains security

modules that can be tailored to meet your specific project

requirements, e.g.:

Secure Bootmanager

Secure Update Manager

Testing of Security-protected ECUs and Networks

Security mechanisms prevent unauthorized access to vehi-

cles and ECUs. This means that, at first, vehicle communi-

cation cannot be accessed during development and later

operation. In order to still be able to access ECUs, the Secu-

rity Manager offers valuable services such as SecOC,

secured diagnostics, TLS and IPsec as well as the manage-

ment of keys and certificates. Furthermore, it supports

various OEM-specific security systems through corre-

sponding add-ons.

The Security Manager is an integral component of the

Vector tools CANoe, CANalyzer, CANape, Indigo, vFlash

and CANoe.DiVa.

More Robust Software Through Fuzz Testing

Despite all the care taken in the analysis, design and imple-

mentation of security mechanisms, it is still necessary to

test them. Fuzz testing is one methodology for testing the

robustness of software. With vTESTstudio and CANoe, you

perform fuzz tests in the automotive field professionally

and efficiently. Signal-based fuzz tests are generated

automatically from DBC and AUTOSAR files.

Testing of V2X Applications

Communication between vehicles and with the infrastruc-

ture is assured by security mechanisms. For testing V2X

applications, CANoe.Car2x offers all necessary functions to

establish communication with a V2X ECU.

More information: www.vector.com/security

scenarios and international standards. You will receive

methodological guidance, tool support and tailored solu-

tions for the entire lifecycle – also in the form of virtual

security support.

Security Testing

Vector Consulting provides independent penetration

testing and further operational assurance for OEMs and

Tier-1s – on the ECU and vehicle level. Our systematic

approach is based on a grey-box method. This is also suit-

able for incremental regression tests and is more efficient

than classic pen testing.

UNECE CSMS and SUMS

Vector supports you in the implementation of UNECE stan-

dards regarding cybersecurity and data protection. The

focus is on cybersecurity management systems

CSMS (R155) and software update management systems

SUMS (R156).

AUTOSAR Basic Software

For your ECU development, Vector provides efficient

modules for realizing your security requirements. The

MICROSAR basic software includes security modules that

can be tailored specifically to your project requirements:

AUTOSAR-compatible cryptographic stack

Secure Onboard Communication (SecOC)

Intrusion Detection System

Transport Layer Security (TLS) client

Ethernet firewall

Key Manager for the management and distribution of

key material and certificates

Security for smart charging

Software Stack for Hardware Security Modules

Vector offers a firmware for Hardware Security Modules

(HSM) from various semiconductor manufacturers for the

Security testing at Vector: Penetration and fuzz testing

as well as testing despite Security