Solution Overviews

cso_automotive_threat_assessment_services_en

Issue link: https://resources.irdeto.com/i/818328

Contents of this Issue

Navigation

Page 1 of 1

www.irdeto.com 2 © 2017 Irdeto. All Rights Reserved. Assessment considerations follow the attack tree formal methods: 1. Hacker objectives are identified and ascribed severities. 2. Potential attack paths associated with the objectives are identified. 3. Attack vectors (what EVITA calls asset attacks) are described including attack potentials based on the Common Criteria factors of vulnerability assessment. 4. The risk of attackers achieving certain nodes in the tree are calculated using estimates of attack probability of success. The result of our multiweek Threat Assessment process is a comprehensive set of reports that include: • Detailed attack trees. • Complete attack vector assessments outlining severity, probability, controllability, etc. • Multidimensional ratings for financial, operational, privacy and safety risks. • Recommended mitigations and security requirements for each attack vector. Reports are designed to match the knowledge and methodologies of engineering staff. Security recommendations will highlight mitigations at each level to build an in-depth security strategy: 1. Hardware (memory, cryptographic key protection.) 2. ECU Firewalls. 3. CAN bus gateway. 4. Software (including OS, firmware, applications.) 5. Car apps on mobile devices. 6. OTA communications – car-to-car, car-to-device, car-to-cloud, device-to-car-to-cloud. Irdeto is a pioneer in security, with its technology protecting over US$ 750M in payments and over 5 billion devices and applications against cyberattacks for some of the world's best known brands. For nearly 50 years, Irdeto has worked with software application providers, connected device manufacturers, pay-media operators and content creators to secure their products and business. Irdeto, a subsidiary of Naspers (JSE: NPN), is headquartered in the Netherlands with 19 locations worldwide. Visit http://www.irdeto.com. BUILDING IN SECURITY FROM THE GROUND UP In addition to identifying vulnerabilities in existing ECUs and components, the Irdeto Threat Assessment Service can eliminate vulnerabilities in components that have not yet been brought to market. Based on nearly 20 years of anti-hacking security review for some for the world's largest brands, Irdeto Threat Assessment evaluates and identifies weaknesses at the system architecture and software design stages. This enables OEMs and tier 1s to implement corrective mitigations in the early stages of a product's lifecycle and avoid costly re-engineering during coding, validation and release. By incorporating Irdeto Threat Assessment into the design and development process, OEMs and tier 1s are able to create much more secure products while educating engineering staff on cyber security best practices. Other benefits include: • Cleaner and simpler system design. • Dramatically reduced engineering churn and subsequent cost savings. • Improved confidence in vehicle security. • Greater lead-time for corrective action.

Articles in this issue

Links on this page

view archives of Solution Overviews - cso_automotive_threat_assessment_services_en