Technical Expertise

Matching security with business objectives every day

 

This chapter is about applying the aforementioned security engineering process and services. It shows an excerpt of specific technical security aspects that we typically work on and tailor to the technical as well as non-technical objectives of our customers.

Risk Analysis Tooling

Risk analysis is crucial to identifying the security mechanisms that are actually worth investing in. There are many risk assessment methods on the market that are structured around a trade-off between the effort that is required to model the system and the accuracy of results.

Secure Boot

Attacks that survive a reboot of a control system can be used by attackers for a variety of purposes, including tuning and exploration of whether additional system components can be attacked.

Secure Update

A system update feature is a double-edged sword. On the one hand, update functionality is crucial for patching newly identified vulnerabilities in a connected world.

Secure Diagnostics

Diagnostic capabilities are an essential feature of any ECU, whether in development or out in the field.

Secure Communication

“Defense-in-Depth” is an important paradigm of modern security architectures. In simple words it means “Security mechanisms can fail, so do not trust single mechanisms.”

Customized Cryptographic Protocols

Cryptographic communication protocols are omnipresent in the connected world of today. Examples include pairing of smart devices, over-the-air updates and diagnostic access.

Key Management

Key management is the foundation of most security concepts. Regardless of whether a Secure Boot concept has to be established or updates have to be secured, cryptographically strong keys are necessary and have to be managed.

Hardware Security Modules

Hardware Security Modules (HSMs), ARM TrustZone and Trusted Platform Modules (TPMs) are hardware enclaves that are separated from the much more complex and potentially vulnerable main system.

Virtualization

A common goal is to reduce the physical complexity of, for example, a car network and all its attached systems. In order to achieve that goal, fewer but more powerful processors must be utilized that, in turn, handle many different tasks at once.

Intrusion Detection Systems

Intrusion detection systems (IDS) are the “immune system” of products: they enable companies to detect and react to attacks that are in progress.

Counterfeit Protection

Theft of intellectual property and product counterfeiting have continuously increased in recent years. As product counterfeits have a direct impact on revenue and constitute a risk to return-on-investment calculations, preventing them is one of the top priorities for most of our customers.

Cloud Integration

In the Internet-of-Things, embedded systems are often connected with a backend that is hosted in the cloud. This leads to a system that includes embedded devices as well as a communication channel and an IT backend.

AUTOSAR Security

AUTOSAR is a standard for modern vehicle E/E architectures that can be applied to embedded control units (classic AUTOSAR) and vehicle computers (adaptive AUTOSAR). AUTOSAR can be applied in the automotive domain, to off-highway machines and sometimes even to medical equipment.
