Overview

To ensure vehicle security quality, we provide vehicle security assessment services.
To realize high functionality of vehicles such as automotive IoT and autonomous car, it is essential to take measures against cyber attacks. On these backgrounds, UN-R155 (*1) and UN-R156 (*2) came into force as UN regulations on January 22, 2021, and Japan is the first country to enforce them.

(*1) UN-R155: Cyber Security and Cyber Security Management System (CSMS) for Vehicles
(*2) UN-R156: Software Update and Software Update Management System (SUMS) for Vehicles

To meet the requirements of UN-R155 and UN-R156, it is necessary to demonstrate that appropriate measures have been implemented by using various best practices (e.g. "ISO/SAE 21434", which is currently being developed.)
In this service, we provide test items considering UN regulations (UN-R155, UN-R156), international standards (ISO/SAE 21434), and other automotive security guidelines (NHTSA Best Practice, JASPAR standards/technical documents, etc.) And, security assessments are conducted by automotive security experts.

Service Features

  • Automotive security experts
    • More than 50 ECU assessments have been performed and assessments are performed by automotive security experts.

  • Test items based on UN regulations, international standards, and other automotive guidelines
    • We develop test items in consideration of UN regulations (UN-R155, UN-R156), international standards (ISO/SAE 21434), and other automotive guidelines (NHTSA Best Practice, JASPAR standards/technical documents, etc.)

  • Manual tests at domestic sites
    • All tests are conducted in Japan.
    Reverse engineering of firmware allows for in-depth analysis considering each function.

  • Report recommended countermeasures
    • We suggest recommendations for countermeasures in addition to the assessment results of detected vulnerabilities.

Service Details

We develop test items based on the provided information, and vehicle assessments are conducted by automotive security experts.

Flow of Vehicle Security Assessment

  • Step.1 Threat Analysis
    • Test items are developed based on the customers' requests. Typical methods are as follows
    • By NDIAS: Please refer to"Threat Analysis for Vehicle and ECU".
    • By you: Test items are developed based on (1) the threat analysis results provided from you and (2) our standard test items.
    • Use our standards: Based on (1) the provided information for functions and interfaces and (2) our standard test items, test items are developed.
  • Step.2 ECU test
    • Security assessments for ECU in unit level.
    • For more details of ECU security assessment, please refer to"ECU Security assessments".
  • Step.3 Vehicle evaluation
    • Based on the vulnerabilities detected in Step.2, the impact is evaluated as the entire vehicle.
  • Step.4 Report
    • The following information will be reported.
    • Details of the detected vulnerabilities
    • Danger level and difficulty of the detected vulnerabilities
    • Reproduction procedures
    • Recommended countermeasures
    • Impact on the entire vehicle
    • Results of each test item
    etc.

Service Flow

Flow of Vehicle Security Assessment

Contact

Click here to inquire about this service