Automotive

As automotive systems grow in complexity, automotive cybersecurity becomes increasingly crucial for designing vehicle systems, road infrastructure, fleet management systems, and other critical components. Securing automotive systems requires not only strong security expertise but also domain-specific knowledge of automotive systems and experience in embedded systems design and exploitation.

Tetrel offers a range of services to support automotive OEMs and suppliers in addressing their cybersecurity requirements. From defining security requirements for a program to conducting penetration and fuzz testing of a complete ECU, our extensive industry experience enables us to provide targeted support to help you meet the demands of customers and regulators.

Services

#

Automotive Security Assessment & Penetration Testing

#

An increasing number of customers require penetration tests of sub-components. Tetrel staff have been performing these tests for customers for over five years. We have developed a process for ensuring these engagements are correctly scoped and efficiently delivered.

Secure System Design Advisory

#

Modern embedded devices can leverage many security tools, but they require specific knowledge to be integrated into a system securely. Our experience in embedded systems allows us to support companies in the design phase to mitigate threats early in the design process.

In an advisory role, Tetrel can provide either product-specific support or general office hours to assist in the security aspects of system design.

Typical topics for design advisory include:

• Threat Assessment and Remediation Analysis (TARA)
• Code signing and secure boot
• Operating system hardening
• Schematic and Gerber design review
• Cryptography usage, key storage, Hardware Security Modules (HSMs)
• Manufacturing and supply chain security
• Security lifecycle management

ISO 21434 Support

#

Tetrel has experience in developing work products for ISO 21434, including Threat Assessment and Remediation Analysis (TARA), cybersecurity specification definition, and vulnerability analysis.

Selected Publications

#

A curated list of publications and presentations by our team is provided for your review.

Articles and Papers

#

• Secure Device Provisioning Best Practices: Heavy Truck Edition
• Entropy for Embedded Devices
• Embedded Device Security Certifications
• Hardware Security By Design: ESP32 Guidance
• Importance of Embedded Systems Security Requirements
• Practical Considerations of Right-to-Repair Legislation
• Secure Device Manufacturing: Supply Chain Security Resilience

Conference Presentations

#

• NorthSec 2021 — Building CANtact Pro
• escar 2021 — Observations from the Front Lines
• Black Hat Europe 2018 — RustZone: Writing Trusted Applications in Rust (info, source)
• DEFCON 26 Car Hacking Village — Go Hack Cars (source)
• SecTor 2017 — Reverse Engineering Automotive Diagnostics (video)
• PacSec 2017 – Security Considerations in the Supply Chain
• PyCon USA 2017 — Hacking Cars with Python (info, video, slides)
• Black Hat Asia 2017 — Open Sourcing Automotive Diagnostics (info)
• SecTor 2016 — CANtact: Open Tools for Automotive (video)