OEM&Lieferant, Issue 2/2021

IT & Automotive

Cybersecurity included

Security for AUTOSAR Adaptive architectures

By Dr. Stuart Mitchell, RTA-VRTE Senior Product Manager at ETAS GmbH, and Dr. Michael Peter Schneider, Project Manager AUTOSAR Security at ESCRYPT GmbH

AUTOSAR Adaptive paves the way to an intelligently connected vehicle. To provide reliable protection against cyberattacks, this standard features security functions that can be integrated today into tomorrow’s E/E architectures.

E/E architectures with signal-based connectivity and functionally partitioned ECUs are reaching their limits when it comes to connected and highly automated vehicles. Calls for autonomy and connectivity lead to centralized high-performance vehicle computers (VCs) and domain controllers (DCUs) making strategic decisions, and sensor and actuator ECUs simply executing the commands.

The AUTOSAR Adaptive platform provides the framework for these new E/E architectures. It makes it possible to dynamically adapt application software and uses the AUTOSAR Runtime for Adaptive Applications (ARA) interface to establish a connection with a POSIX-based operating system, such as Linux (Fig. 1). To ensure that software from different vendors and of different ASIL categories runs safely on the VC, hypervisors are used to preconfigure partitioning.

Cybersecurity management

Smart connected vehicles cannot be secured with individual measures, but only with integrated concepts based on risk analyses of the entire vehicle architecture. These concepts must be broken down to the security requirements of individual components, ECUs, and their logical partitions. Accordingly, AUTOSAR Adaptive features an integrated basic set of security functions that developers can use to address the shifting quantitative and qualitative protection requirements of connected, automated vehicle systems.
Given that distributed, software-based E/E architectures drive up data loads under real-time conditions, security measures must be designed to perform better. This is why the following security functions have been integrated into AUTOSAR Adaptive (Fig. 2).

Cryptography as a “key component”

Many security use cases rely on cryptographic primitives to, for example, encrypt confidential data or verify the signature of software updates. The cryptographic keys and certificates required to do so must be stored securely, managed by an authorized application, and sometimes even synchronized across several ECUs. In AUTOSAR Adaptive, these primitives are provided through the cryptography functional cluster (also called crypto API). It offers an abstraction of the interfaces provided and thus increases overall software portability.

To ensure secure data exchange, AUTOSAR Adaptive follows the latest standards, including TCP/IP communication via Ethernet.

Figure 1: While AUTOSAR Classic supports systems with fixed real-time requirements, AUTOSAR Adaptive distinguishes itself as the standard for dynamic applications. (Image/Graphics: © ETAS GmbH)

Diagram labels: Classic applications; Over-the-air applications and services; Different APIs; RTE; ARA; Classic platform; Adaptive platform; Linux platform; Clearly defined functional safety; Flexible functional safety; No ASIL classification; Hypervisor; Hardware platform; μC; μP; HSM.

Abbreviations: RTE = Runtime Environment; ARA = AUTOSAR Runtime for Adaptive Applications; API = Application Programming Interface; μC = Microcontroller; μP = Microprocessor; HSM = Hardware Security Module.
