In contrast to classic safety tests, security problems are unexpected and hard to predict. They are exploited by unpredictable, intelligently acting attackers. To nevertheless achieve a comprehensive and meaningful assessment within a limited testing period, a systematic approach is necessary, especially for the implementation of IT security analysis of electronic systems as required, e.g., in IEC 62443, and this challenges developers and testers time and again to a new extent.
But even experienced security experts from the IT field have to continuously acquire new methods and approaches to be able to carry out practical tests of electronic devices efficiently. The range of topics extends from analysis of the circuit board, attacks at the conductor and bus level, security of crypto chips, CAN firewalls, UDS fuzzing and binary analysis up to protocols for wireless interfaces. Hardware developers need to protect control units permanently and durably against interference; for this, hardware security modules (HSM), among other things, are an indispensable basis. Because of the increasing connection of devices and vehicles to the internet (Internet of Things), their IT becomes more vulnerable.
On the one hand, the IT has to be protected against unauthorized access intended to manipulate the embedded software (e.g. tuning) or the access protection (e.g. the immobilizer in vehicles). On the other hand, there is the risk that criminals might use the internet interfaces to hack the electronic control units and change the device behavior through targeted manipulation. Furthermore, the weaknesses of traditional public key infrastructures (PKI) should be avoided by focusing on the devices (not the users) and by taking the long life cycles into consideration.

