Strategic Aspect of Crypto Agility

Dennis Kengo Oka･Philipp Jungklass･Claude-Pascal Stoeber-Schmidt (IAV)

Cryptographic agility is crucial in the automotive sector due to threats from quantum computers and other factors like increased computing power, vulnerabilities in algorithms, and security bugs. It is a continuous process affecting a vehicle's entire service life, requiring updates to cryptographic algorithms. This article explores cryptographic agility's impact on vehicles, covering phases like development, production, and end customer usage. The focus is on ensuring security throughout the vehicle's lifecycle, adapting to evolving threats and technological advancements to maintain robust protection against potential security breaches.

Cybersecurity for Euro 7
-Requirements, Risks and Technical Solutions for Next-Generation Vehicles-

Claude-Pascal OkaStöber-Schmidt･Richard Lange (IAV)･Steve Peters･Dennis Kengo Oka (IAV Japan)･Philipp Jungklass (IAV)

The Euro 7 regulation imposes stricter vehicle emissions, durability, and data integrity requirements, emphasizing cybersecurity as crucial for compliance. With vehicles relying on interconnected ECUs, secure diagnostics, and on-board monitoring (OBM), protection against tampering and unauthorized access is vital. This paper examines Euro 7 cybersecurity obligations, focusing on anti-tampering, OBM data integrity, secure data transmission, software update security, and alignment with UNECE R155/R156. It highlights threat analysis, secure update processes, and the need for testing and vulnerability assessment of OBM and diagnostic interfaces. We explore regulatory and organizational frameworks and technical solutions to meet Euro 7 security expectations.

Penetration Tests for Guiding Development
-Shift Left Approach for Penetration Tests during Development-

Claude-Pascal Stöber-Schmidt･Florian Look･Patrick Loster (IAV)･Dennis Kengo Oka･Takuya Nigoro (IAV Japan)

This paper explores the integration of realistic penetration testing within development timelines, emphasizing the balance between thorough security assessments and project deadlines. It examines the expectations for results, highlighting the necessity for advanced methods, automation, and tools to streamline the process. The study discusses the benefits of early detection of vulnerabilities, which can enhance security and reduce post-release fixes, while also addressing potential disadvantages such as resource allocation and possible delays. By providing insights into effective penetration testing strategies during development, the paper aims to guide developers in optimizing security practices without compromising project timelines.