Cyber security affects all industries that work with embedded systems. Learn more about specific technical security aspects that we typically work on and tailor to the technical as well as non-technical objectives of our customers.
Cyber security strategy and process consulting
UNECE r155 and Cybersecurity Resilience Act (CRA) strategy consulting
Drawing on our certification experience, we advise you on UNECE r155 regulations and Cyber Security Resilience Act (CRA) provisions that are relevant to obtaining approval. Count on us to guide you through the process from strategy development to technical service assessment.
Public key infrastructure (PKI) process consulting
Many organizations already have public key Infrastructures (PKIs) in place for their IT systems. We enable our customers to integrate key management for products/ control units with these legacy PKIs. To this end, we have tackled tasks such as root-of-trust bootstrapping, certificate signing request handling, and manufacturing line integration in our projects.
Supplier management process consulting
Cyber security does not end at your organization’s gates. If you want to develop a secure product, parts furnished by your supplies also need cyber security protection. We help our customers establish processes, determine interdisciplinary specifications, and conclude cyber security interface agreements (CSIA).
Continual cybersecurity activities consulting
Cyber security remains a concern after the product has been rolled out on the market. Many processes have to be defined and clarified to keep up with this task. We help our customers do this with a range of services that includes defining cyber security monitoring practices, analyzing and managing vulnerabilities, and handling incident response processes.
Cybersecurity testing process consulting
There is no getting around functional and non-functional tests when testing cyber security mechanisms. Sometimes it is difficult to determine the depth and scope for testing. We help our customers develop test strategies for their products – and can even evolve these on demand.
Penetration Testing
Automotive penetration testing
We test your automotive control unit or vehicle.
Application examples:
Unified Diagnostic Services (UDS),
Control Area Network (CAN / CAN-FD),
LIN and Automotive Ethernet,
SOME/IP, DDS, DoIP, NFC,
Wifi, Bluetooth and BLE,
JTAG / XCP / DAP,
Secure Boot and Secure Update
Web penetration testing
We test your web application or web service.
Application examples:
OWASP and OAuth,
Keycloak and Kubernetes,
Docker and Angular,
Spring Boot,
React and NodeJS,
SQL- and NoSQL databases
IT penetration testing
We test your IT network.
Application examples:
Internal and Internet-facing,
Service Port Scans and In-depth Vulnerability Analysis,
Active Directory,
Network Shares,
ADFS and AzureAD,
ADCS and Databases
Cyber Security Engineering
RISK ANALYSIS TOOLING
Risk analysis is crucial to identifying the security mechanisms that are actually worth investing in. The tools we have developed specifically for this purpose enable us to strike the right balance between system reasonable modeling effort and sufficiently accurate results.
SECURE BOOT
Attacks that survive a reboot of a control system can be used by attackers for a variety of purposes, including tuning and exploration of whether additional system components can be attacked. You can count on us to create, test, and implement secure boot concepts for you.
SECURE UPDATE
A system update feature is a double-edged sword. An updating function to redress vulnerabilities is one priority; another is security mechanisms to prevent misuse such as attempts to install malware.
SECURE DIAGNOSTICS
Diagnostic capabilities are an essential feature of any ECU, no matter if in the development or out in the field. Authentication/ authorization concepts are necessary to protect diagnostic interfaces. This will have an impact on the diagnostic tester, backend systems, and the ECU itself.
SECURE ONBOARD COMMUNICATION
In-vehicle communication has to be secure to prevent manipulated messages from infiltrating the network by physically accessing the bus or via compromised devices connected to the bus. Special cryptographic solutions often have to be developed to enable secure communication – even on older bus systems.
CUSTOMIZED CRYPTOGRAPHIC PROTOCOLS
Cryptographic communication protocols are omnipresent in the connected world of today. Sometimes the given conditions preclude the use of standard protocols. In that case, our experts can develop application-specific cryptographic protocols for you.
KEY MANAGEMENT
Key management is the bedrock of most security concepts. Powerful cryptographic keys are essential to establishing a secure boot concept and securing updates. These keys have to be managed, delivered, and perhaps even replaced.
HARDWARE SECURITY MODULES
Hardware Security Modules (HSMs), ARM Trustzone and Trusted Platform Modules (TPMs) are hardware enclaves that are separated from the much more complex and potentially vulnerable main system. We provide end-to-end services from consulting to development to help with integration on the host side and with firmware in the hardware enclave.
VIRTUALISIERUNG
As software-defined vehicles and vehicle computers gain traction, virtualization has become crucial to isolating software components at the hypervisor and container levels. Virtualization also directly impacts how cyber security mechanisms are integrated, for example, when connecting HSMs.
INTRUSION DETECTION SYSTEMS
Intrusion detection systems (IDS) serve as products’ immune system by spotting and defending against attacks. We provide IDS engineering services encompassing everything from conceptualization and the general IDS strategy to integrating the right sensors.
COUNTERFEIT PROTECTION
Theft of intellectual property and product counterfeiting has continuously increased in recent years. As product counterfeits have a direct impact on revenue and constitutes a risk to return-on-investment calculations, preventing it is one of the top priorities with most of our customers.
CLOUD INTEGRATION
In the Internet-of-Things, embedded systems are often connected with a backend that is hosted in the cloud. When considering the overall cyber security concept, you have to factor in the communication channel to the IDS as well as the IT backend/ web service component. Count on our team of experts to tailor a concept to your needs and put it into practice in the way that best suits your situation.
Security is like the brakes of your car. It slows you down but it also enables you to go a lot faster.
The trend towards connected products is giving rise to innovative features – and also to the possibility of malicious attacks, particularly from faraway hackers.
AUTOSAR is a standard for modern vehicle E/E architectures that can be applied to embedded control units (classic AUTOSAR) and vehicle computers (adaptive AUTOSAR). AUTOSAR can be applied in the Automotive domain, to off-highway machines and sometimes even to medical equipment.
