ECU Security Assessment

Security assessments conducted by automotive security experts - by NDIAS

Overview

To ensure vehicle security quality, we provide ECU security assessment services.
To realize high functionality of vehicles such as automotive IoT and autonomous car, it is essential to take measures against cyber attacks. On these backgrounds, UN-R155 (*1) and UN-R156 (*2) came into force as UN regulations on January 22, 2021, and Japan is the first country to enforce them.

(*1) UN-R155: Cyber Security and Cyber Security Management System (CSMS) for Vehicles
(*2) UN-R156: Software Update and Software Update Management System (SUMS) for Vehicles

To meet the requirements of UN-R155 and UN-R156, it is necessary to demonstrate that appropriate measures have been implemented by using various best practices (e.g. "ISO/SAE 21434", which is currently being developed.)
In this service, we provide test items considering UN regulations (UN-R155, UN-R156), international standards (ISO/SAE 21434), and other automotive security guidelines (NHTSA Best Practice, JASPAR standards/technical documents, etc.) And, security assessments are conducted by automotive security experts.

Service Features

  • Automotive security experts

    More than 50 ECU assessments have been performed and assessments are performed by automotive security experts.

  • Test items based on UN regulations, international standards, and other automotive guidelines

    We develop test items in consideration of UN regulations (UN-R155, UN-R156), international standards (ISO/SAE 21434), and other automotive guidelines (NHTSA Best Practice, JASPAR standards/technical documents, etc.)

  • Manual tests at domestic sites

    All tests are conducted in Japan.
    Reverse engineering of firmware allows for in-depth analysis considering each function.

  • Report recommended countermeasures

    We suggest recommendations for countermeasures in addition to the assessment results of detected vulnerabilities.

We develop test items based on the provided information, and ECU assessments are conducted by automotive security experts.

Flow of Vehicle Security Assessment

  • Step.1 Threat Analysis
    Test items are developed based on the customers' requests. Typical methods are as follows
    • By NDIAS: Please refer to"Threat Analysis for Vehicle and ECU".
    • By you: Test items are developed based on (1) the threat analysis results provided from you and (2) our standard test items.
    • Use our standards: Based on (1) the provided information for functions and interfaces and (2) our standard test items, test items are developed.
  • Step.2 HW test
    • From the HW perspective, the components on the board are tested directly.
    • Penetration tests from each interface (CAN/Ethernet/Wi-Fi/Bluetooth/LTE/USB etc.) are conducted.
  • Step.3 SW test
    • Both dynamic and static analyses are conducted to identify vulnerabilities.
    • Although black-box tests are possible, white-box tests are more effective to identify vulnerabilities from a broad point of view in a limited time.
  • Step.4 Report
    The following information will be reported.
    • Details of the detected vulnerabilities
    • Danger level and difficulty of the detected vulnerabilities
    • Reproduction procedures
    • Recommended countermeasures
    • Impact on the entire vehicle
    • Results for each test item
    etc.

Service Flow

Flow of Vehicle Security Assessment

Contact