Cars Are No Longer Just Transportation Vehicles
Modern vehicles have evolved far beyond simple transportation devices. Today’s automobiles, equipped with over 100 Electronic Control Units (ECUs), have become “computers on wheels” that form complex networks through various internal communication protocols including CAN, CAN-FD, FlexRay, and Ethernet.
While this connectivity provides unprecedented convenience and safety features, it also exposes vehicles to cybersecurity threats. The scenario where hackers remotely control a vehicle’s steering or braking systems—once confined to movies—has become a real possibility.
Recent Automotive Cyber Attacks
Several high-profile incidents have demonstrated the reality of automotive cybersecurity threats:
2015 Chrysler Jeep Hacking Incident: Researchers remotely controlled a Jeep Cherokee through its infotainment system
2016 Tesla Model S Remote Control Case: Security researchers demonstrated remote access to critical vehicle functions
Ongoing Threats: Continuous reports of attackers penetrating internal networks through infotainment systems to compromise core vehicle functions
These incidents highlight that automotive cybersecurity is no longer optional—it’s essential.

Why In-Vehicle Network Security Matters
The Vehicle as a Neural Network
A vehicle’s internal network functions like the human nervous system, connecting ECUs that perform different functions—powertrain, chassis, Advanced Driver Assistance Systems (ADAS), and infotainment—enabling seamless data exchange.
Security Limitations of Legacy Network Protocols
Traditional communication protocols like CAN (Controller Area Network), designed in the 1980s, assumed closed network environments and didn’t account for external threats. These protocols have inherent vulnerabilities:
Key Security Gaps:
No Message Encryption: All communications transmitted in plain text
Lack of Authentication: Cannot verify message sender legitimacy
Broadcast Characteristics: All nodes can receive all network messages
Priority-Based Arbitration: Malicious high-priority messages can disrupt normal communication
Real Attack Scenarios
An attacker who infiltrates the internal network through a vulnerable infotainment system could:
Access Diagnostic Ports (OBD-II): Physical network entry
Bypass Gateways: Exploit network separation device vulnerabilities
Manipulate CAN Messages: Forge and transmit powertrain control messages
Hijack Vehicle Control: Abnormal control of acceleration, braking, and steering systems
Such successful attacks could cause vehicles to accelerate uncontrollably or lose braking capability, creating life-threatening situations.
A defense-in-depth strategy is essential: it must not only provide primary defense against external attacks but also prevent an attack from spreading to core networks even if some systems are compromised.
ISO/SAE 21434 Overview
ISO/SAE 21434 has established itself as the core global standard for automotive cybersecurity. Rather than simply listing specific technologies, this standard provides a process framework for systematically managing and implementing cybersecurity throughout a vehicle’s entire lifecycle: planning, development, production, operation, and decommissioning.
The standard treats security as an essential “Security-by-Design” requirement that must be considered from the design stage, not as a feature added during the final development phases.
5-Step Security Enhancement Strategy
Step 1: Threat Analysis and Risk Assessment (TARA)
All security begins with “knowing your enemy.” TARA systematically identifies potential threats in vehicle internal networks and analyzes their impact to determine risk levels.
Key Activities:
Asset Identification:
Hardware Assets: Steering control ECUs, brake systems, engine management systems
Software Assets: Firmware, bootloaders, diagnostic software
Data Assets: CAN messages, vehicle diagnostic data, personal information
Communication Assets: Network protocols, gateways, communication pathways
Threat Scenario Development:
“Inject malicious firmware through diagnostic port (OBD-II) to bypass gateway and send malicious messages to powertrain CAN network”
“Exploit wireless key system vulnerabilities to gain remote vehicle access, then probe internal networks and disable critical systems”
Risk Assessment Matrix:
Step 2: Security Objectives and Requirements Definition
Based on TARA results, establish Cybersecurity Goals to address high-risk threats, converting abstract risks into concrete technical objectives.
Security Objective Examples:
Risk Scenario: Manipulated messages from infotainment ECU cause brake system malfunction
Derived Security Goals:
“Block unauthorized communication between infotainment and powertrain networks”
“Ensure all powertrain network messages maintain integrity and authenticity”
“Detect and respond to abnormal network activity in real-time”
Detailed Requirements:
Functional: Gateway must allow only authorized message IDs for inter-domain transmission
Performance: Message authentication delays must be under 1ms
System Impact: Security functions must not affect overall system performance by more than 5%
Step 3: Security Architecture Design and Control Implementation
Network Segmentation
Central Gateway-Based Domain Separation:
Control and filter communication between domains (infotainment, powertrain, chassis, ADAS) through central gateway
Implementation Considerations:
Hardware Security Module (HSM) based gateway implementation
Whitelist-based message filtering per domain
Dedicated hardware acceleration for real-time performance
Message Authentication
SecOC (Secure On-board Communication) Implementation:
AUTOSAR-defined standard adding Message Authentication Code (MAC) to CAN/CAN-FD messages
Process:
Sender generates HMAC using original message and secret key
Receiver extracts and verifies MAC from received message
Process only if validation successful
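The sender and receiver steps above, as an added sketch that is not AUTOSAR's or this article's code: it uses HMAC-SHA256 as the list describes and goes slightly beyond it by binding the message ID and a freshness counter into the MAC, so replayed or re-addressed frames fail verification. The 4-byte truncation, frame layout, key and IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4    # truncated MAC bytes on the bus (assumed for this sketch)
FRESH_LEN = 4  # freshness counter bytes on the bus (assumed)

def compute_mac(key, data_id, payload, freshness):
    # Bind message ID and counter into the MAC so a valid tag cannot be
    # moved to another ID or reused with an old counter.
    msg = struct.pack(">HI", data_id, freshness) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def protect(key, data_id, payload, freshness):
    """Sender side: payload || freshness || truncated MAC."""
    tag = compute_mac(key, data_id, payload, freshness)
    return payload + struct.pack(">I", freshness) + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_fresh = {}  # data_id -> highest counter accepted so far

    def verify(self, data_id, pdu):
        """Return the payload if authentic and fresh, else None (drop)."""
        trailer = FRESH_LEN + MAC_LEN
        if len(pdu) < trailer:
            return None
        payload, fresh_raw, tag = pdu[:-trailer], pdu[-trailer:-MAC_LEN], pdu[-MAC_LEN:]
        (freshness,) = struct.unpack(">I", fresh_raw)
        if freshness <= self.last_fresh.get(data_id, -1):
            return None  # replayed or stale frame
        expected = compute_mac(self.key, data_id, payload, freshness)
        if not hmac.compare_digest(tag, expected):
            return None  # forged, tampered, or wrong key
        self.last_fresh[data_id] = freshness  # advance only after a valid MAC
        return payload

if __name__ == "__main__":
    key = bytes(16)  # constructed demo key
    rx = Receiver(key)
    frame = protect(key, 0x120, b"\x10\x27", freshness=1)
    print(rx.verify(0x120, frame))  # first delivery
    print(rx.verify(0x120, frame))  # same frame sent again
```

The counter is advanced only after the MAC check passes, so a forged frame carrying a high counter value cannot lock out later legitimate frames.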
Performance Optimization:
Hardware encryption engine utilization for minimal latency
Selective SecOC application to safety-related messages only
Efficient key management system establishment
Intrusion Detection and Prevention System (IDPS)
Real-time Network Monitoring:
Detection Techniques:
Signature-based Detection: Compare against known attack pattern database
Anomaly Detection: Learn normal traffic patterns and detect unusual activity
Protocol Analysis: Detect violations in vehicle-specific protocols (CAN, FlexRay)
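An added example (not from this article or any IDPS product) of the anomaly-detection technique listed above: it learns each CAN ID's normal transmission period from attack-free traffic, then flags unknown IDs and frames whose spacing deviates from that period. The capture data, CAN IDs and 50% tolerance are constructed for illustration.

```python
from statistics import mean

# Constructed attack-free capture: (timestamp_s, can_id).
# 0x100 is sent every 10 ms, 0x200 every 100 ms.
BASELINE = sorted([(i * 0.010, 0x100) for i in range(50)] +
                  [(i * 0.100, 0x200) for i in range(5)])

# Constructed live capture containing one extra 0x100 frame squeezed
# between two periodic ones, and one frame with an ID never seen in training.
LIVE = [(0.000, 0x100), (0.010, 0x100), (0.020, 0x100), (0.022, 0x100),
        (0.025, 0x7FF), (0.030, 0x100), (0.040, 0x100)]

def learn_periods(baseline):
    """Return {can_id: mean inter-arrival time in seconds}."""
    last, gaps = {}, {}
    for ts, can_id in baseline:
        if can_id in last:
            gaps.setdefault(can_id, []).append(ts - last[can_id])
        last[can_id] = ts
    return {can_id: mean(g) for can_id, g in gaps.items()}

def detect(frames, periods, tolerance=0.5):
    """Return a list of alerts as (timestamp, can_id, reason)."""
    last, alerts = {}, []
    for ts, can_id in frames:
        if can_id not in periods:
            # ID absent from the learned model: treat as not allowlisted.
            alerts.append((ts, can_id, "unknown_id"))
            continue
        if can_id in last:
            gap = ts - last[can_id]
            if gap < periods[can_id] * (1 - tolerance):
                alerts.append((ts, can_id, "too_fast"))      # extra frames
            elif gap > periods[can_id] * (1 + tolerance):
                alerts.append((ts, can_id, "gap_too_long"))  # sender silenced
        last[can_id] = ts
    return alerts

if __name__ == "__main__":
    for ts, can_id, reason in detect(LIVE, learn_periods(BASELINE)):
        print(f"{ts:.3f}s id=0x{can_id:03X} {reason}")
```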
Response Mechanisms:
Alert Generation: Notify driver and control center of anomalies
Traffic Blocking: Immediate blocking of malicious messages
Network Isolation: Temporary network separation of compromised ECUs
Secure Boot and Access Control
Trust Chain Establishment:
Secure Boot: Digital signature verification of bootloader and OS
Remote Attestation: Remote verification of ECU integrity status
Runtime Protection: Memory protection and control flow integrity during execution
Access Control Framework:
Role-Based Access Control (RBAC): Apply principle of least privilege by function
Multi-factor Authentication: Require multiple authentication methods for critical functions
Session Management: Time limits and automatic termination for diagnostic sessions
Step 4: Verification and Validation
Fuzz Testing
Network-Level Fuzzing:
CAN Fuzzing: Test with abnormal CAN IDs, data lengths, transmission cycles
Protocol Fuzzing: Boundary value testing of vehicle standards (AUTOSAR, UDS)
State-based Fuzzing: Input manipulation testing across various ECU operational states
Automated test environments
Penetration Testing
Systematic Penetration Testing:
Physical Access Scenarios:
OBD-II port diagnostic tool connection
ECU firmware dumping and reverse engineering
Hardware debugging interface exploitation
Remote Access Scenarios:
Wireless communication vulnerabilities (WiFi, Bluetooth, Cellular)
Internal network penetration through infotainment systems
Cloud service integration security weaknesses
Security Code Review
Static/Dynamic Analysis Tools:
SAST (Static Application Security Testing): Source code security vulnerability analysis
DAST (Dynamic Application Security Testing): Runtime environment vulnerability detection
IAST (Interactive Application Security Testing): Combined static/dynamic analysis
Step 5: Continuous Monitoring and Incident Response
Vehicle Security Operation Center (VSOC)
Integrated Control System:
Real-time Monitoring: Unified surveillance of global vehicle fleet security status
Threat Intelligence: Collection and analysis of new attack techniques and vulnerabilities
Automated Response: Automated response measures based on risk levels
Over-the-Air (OTA) Updates
Security Patch Distribution System:
Patch Integrity: Digital signature verification of patch files
Rollback Capability: Recovery to previous version if update fails
Differential Updates: Transmit only changed portions to minimize communication costs
User Consent: Driver approval process for critical updates
Incident Response Process
Staged Response Framework:
Detection: Recognize security incident occurrence
Analysis: Determine incident cause and impact scope
Containment: Prevent damage spread
Eradication: Complete removal of attack source
Recovery: Restore normal service
Lessons Learned: Establish recurrence prevention measures
Real-World Implementation Considerations
Performance vs Security Balance
Vehicles are real-time systems where security functions must not impact safety functions:
Latency Constraints: Guarantee safety-related message delivery within specified timeframes
Resource Usage: Minimize CPU and memory impact on existing functions
Power Consumption: Optimize additional power consumption from security features
Cost Efficiency
Risk-Based Priority: Apply to high-risk systems first
Proven Standards: Prioritize validated standard technologies like AUTOSAR SecOC
Supply Chain: Establish security responsibility sharing with component suppliers
Regulatory Compliance
International Regulations: Reflect UN-R155, UN-R156 requirements
Security Certifications: Obtain Common Criteria, FIPS 140-2 certifications
Documentation Management: Systematic documentation for audits and certifications
Future of Automotive Cybersecurity
Emerging Technologies
AI-Powered Threat Detection: Machine learning algorithms for advanced threat identification
Blockchain for Supply Chain Security: Immutable records for component authenticity
Quantum-Resistant Cryptography: Preparation for post-quantum security threats
Industry Collaboration
Information Sharing: Collaborative threat intelligence sharing among manufacturers
Standard Evolution: Continuous updates to ISO/SAE 21434 and related standards
Cross-Industry Learning: Adopting best practices from other critical infrastructure sectors
Conclusion: Security Investment for Trust
Enhancing in-vehicle network security through ISO/SAE 21434 goes beyond regulatory compliance—it’s a fundamental commitment to protecting driver lives and safety in the future mobility era.
Key Success Factors:
✅ Systematic TARA Implementation: Risk-based security design through comprehensive threat analysis
✅ Robust Security Architecture: Application of strong security frameworks and proven technologies
✅ Lifecycle Security Management: Continuous security management throughout vehicle lifecycle
✅ Balanced Approach: Harmonizing performance, cost, and regulatory requirements
These elements have become core competencies that all automotive manufacturers and component suppliers must possess. With ISO/SAE 21434 as a compass, we can usher in a safe and trustworthy connected-car era.
Our ultimate goal extends beyond simply preventing cyber attacks—we must build a smart mobility ecosystem where drivers and passengers can use vehicles with complete confidence and peace of mind.