Since mid-2022, vehicle manufacturers have had to demonstrate cybersecurity when registering a new vehicle type in accordance with UNECE 155. As a result, they must now effectively secure the integrity and authenticity of communication between ECUs and between the vehicle and back-end systems.
Since Ethernet communications typically use TLS (Transport Layer Security) for protocol security, test systems must be developed for TLS implementation that not only secure functional aspects, but also test for cybersecurity vulnerabilities.
Cyberattacks on connectivity are becoming scalable and can lead to major negative impacts for automakers and their suppliers. UNECE Working Group 29 has therefore proposed regulations on cybersecurity - Regulation 155 - and software update management - Regulation 156 - which came into force at the beginning of 2021, creating a paradigm shift in the automotive industry in all participating member states. They stipulate, for example, that identified risks must be mitigated and extensive testing must be carried out.
Charging communication also falls under this regulation. Procedures such as Plug & Charge for charging and payment at public charging stations require encrypted communication in accordance with DIN EN ISO 15118.
However, the communication interfaces required for this also significantly increase the attack surface for potential hackers or cybercriminals. For example, attacks can cause a general disruption of the charging infrastructure, all the way to tapping identities that can be used for various types of fraud.
Testing the TLS interface
When server and client systems communicate with each other, securing these connections is now essential. It must be possible to prove at any time who was or is connected to whom, to encrypt the transmitted data so that third parties cannot read or modify it. These network connections use cryptographic technologies. In this context, the implementation as well as the correct use of existing libraries is a major challenge.
When testing the TLS implementation, the following aspects must be taken into account:
- Conformance to the standard: conformance of the functional behavior to both RFC standards and the functional requirements of the automotive application, for example according to the ISO 15118 standard, must be ensured so that vehicle components can communicate with each other interoperably.
- Configuration: The available variety of configuration options is so extensive that loopholes for attackers can arise both during integration and during subsequent configuration of the vehicle component. Verification of the configuration should ensure that it is secure in the sense of the requirements, for example according to the ISO 15118 standard or the BSI checklists. This includes, for example, the cipher suites used (according to ISO 15118, for example, only 2 specified cipher suites may be used)
- Tests for correct implementation: A robust protocol implementation should also be checked, for example in the event of manipulation of the message sequence or checking the padding for correctness.