These days, the trend is towards connected, partially automated, and highly automated driving functions – calling for comprehensive security solutions. Traditional defenses that protect single functions are no longer sufficient in the face of these developments. After all, the vehicles affected will be on the roads for many years to come – and therefore have to withstand many generations of hacker attacks. The answer to the problem is automotive security solutions that combine attack detection and blocking functions in a self-teaching control loop. ESCRYPT’s Intrusion Detection and Prevention Solution (IDPS) follows precisely this approach, offering a cyclical, multitiered defense strategy that combines various system components.
The embedded CycurGATE firewall, for instance, immediately blocks any attack on an ECU that follows a known attack pattern. Even so, to be able to continue guarding against the constantly shifting lines of attack in the future, the firewall’s rule sets (blacklists and whitelists) must be constantly updated. This is where the embedded CycurIDS attack detection software comes into its own. CycurIDS has been designed for both CAN- and future Ethernet-based E/E architectures, and constantly monitors data traffic. It is able to detect typical attack signatures, especially anomalies in cyclical messages and misuse of diagnostic requests. Any anomalies logged are either stored in the vehicle for later analysis or – for a fast response – automatically saved to a cloud-based event database.
In the final step of the process, IDS data from the entire vehicle fleet is aggregated and analyzed in the backend using the big data analysis tool CycurGUARD. This software draws on its continually growing attack database to identify any acute threats in real time, and notify the cyber security team when necessary. The security team can then perform further analysis, implement the necessary countermeasures, and roll out a security update to all the vehicles in the fleet.
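The two detection targets named above, anomalies in cyclical messages and misuse of diagnostic requests, can be illustrated with a small rule-based detector over CAN frames. This is an added example, not ESCRYPT's code or part of the original article; the CAN IDs, periods, tolerance and the "while driving" policy are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Frame:
    ts_ms: int     # receive timestamp in milliseconds
    can_id: int
    data: bytes

# Constructed rule set (assumption): a real one comes from the vehicle's communication matrix.
CYCLIC_PERIOD_MS = {0x100: 10, 0x200: 100}   # expected cycle time per whitelisted ID
TOLERANCE_PCT = 30                           # allowed deviation from the period
DIAG_REQUEST_IDS = {0x7DF, 0x7E0}            # typical functional/physical request IDs
ALLOWED_WHILE_DRIVING = {0x22, 0x3E}         # UDS ReadDataByIdentifier, TesterPresent

def detect(frames, driving=True):
    """Return (ts_ms, can_id, reason) events for cycle and diagnostic anomalies."""
    events, last_seen = [], {}
    for f in sorted(frames, key=lambda fr: fr.ts_ms):
        period = CYCLIC_PERIOD_MS.get(f.can_id)
        if period is not None:
            prev = last_seen.get(f.can_id)
            if prev is not None:
                gap = f.ts_ms - prev
                # Integer arithmetic avoids float rounding at the thresholds.
                if gap * 100 < period * (100 - TOLERANCE_PCT):
                    events.append((f.ts_ms, f.can_id, "cycle_too_short"))  # extra frame
                elif gap * 100 > period * (100 + TOLERANCE_PCT):
                    events.append((f.ts_ms, f.can_id, "cycle_too_long"))   # missing frames
            last_seen[f.can_id] = f.ts_ms
        elif f.can_id in DIAG_REQUEST_IDS:
            # ISO-TP single frame: high nibble of byte 0 is 0, byte 1 is the UDS service ID.
            if driving and len(f.data) >= 2 and f.data[0] >> 4 == 0:
                sid = f.data[1]
                if sid not in ALLOWED_WHILE_DRIVING:
                    events.append((f.ts_ms, f.can_id, f"diag_service_0x{sid:02X}_while_driving"))
        else:
            events.append((f.ts_ms, f.can_id, "unknown_id"))  # not on the whitelist
    return events

# Constructed sample traffic: one extra 0x100 frame at 23 ms, a gap on 0x200,
# a SecurityAccess (0x27) request, a TesterPresent (0x3E) request and an unlisted ID.
SAMPLE = [Frame(t, 0x100, b"\x00") for t in (0, 10, 20, 23, 30, 40)] + [
    Frame(0, 0x200, b"\x00"), Frame(100, 0x200, b"\x00"), Frame(350, 0x200, b"\x00"),
    Frame(50, 0x7E0, bytes([0x02, 0x27, 0x01])),
    Frame(60, 0x7DF, bytes([0x02, 0x3E, 0x00])),
    Frame(70, 0x555, b"\x01"),
]

if __name__ == "__main__":
    for event in detect(SAMPLE):
        print(event)
```

Events of this kind are what would be stored in the vehicle or sent to the backend event database for fleet-wide analysis.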