FiA - On-Board Telematics Platform Security by TÜV Informationstechnik GmbH

	FiA - On-Board Telematics Platform Security TÜV Informationstechnik GmbH

Technology Category	Cybersecurity & Privacy - Security Compliance
Applicable Industries	Automotive
Applicable Functions	Business Operation Product Research & Development
Use Cases	Security Claims Evaluation
Services	Cybersecurity Services
Challenge	The International Automobile Federation (FIA) has asked TUVIT (the digital innovation member of the TÜV NORD company group) to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving. The report linked below describes a model design of security functionalities modularized in different security layers, suggests the grouping of different automotive stakeholders to suitable access roles so that an Automotive Gateway (A-GW) inside the vehicle could control any remote access in a secure way and during the whole lifetime. Rapidly developing information technology will also allow innovation for independent service providers (ISP). Local diagnostics and direct access to in-vehicle data, functions and resources in case of a car breakdown may in many cases be replaced with remote diagnostic support that allows a remote diagnostician to communicate with the driver over the air and resolve the cause of the breakdown. IT systems for prognostics by ISPs could also support the driver as he will be informed about problems inside the car before a breakdown is going to happen. Therefore, remote access must be feasible for an authorized ISP. Besides, implemented security functionalities must prevent unauthorized access attempts during the whole lifetime and need to recognize misuse. In all cases the European General Data Protection Regulation (GDPR) has to be fulfilled: If a vehicle is assigned to an owner and whenever persons are in the car, personal data will arise automatically. In order to ensure their consent to any data being transmitted to and from the vehicle, those persons should in most cases have the possibility to opt in or opt out. The International Automobile Federation (FIA) has asked TUVIT (the digital innovation member of the TÜV NORD company group) to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving. Read More
Customer Name	International Automobile Federation (FIA) Read More
Solution	Vehicle Security Report Protection Profile In addition to this report a protection profile of the key component Automotive Gateway (A-GW) acc. to the Common Criteria has been specified that could be used as a formal specification for any vendor. The latest studies and governmental activities on secure connected driving and interconnected traffic were taken into account and the resulting approach of the OTP covers state-of-the art technologies of the IT security industry. https://www.tuvit.de/en/news/downloads/fia-study/ Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Automotive

Applicable Functions

Business Operation

Product Research & Development

Use Cases

Security Claims Evaluation

Services

Cybersecurity Services

Challenge

The International Automobile Federation (FIA) has asked TUVIT (the digital innovation member of the TÜV NORD company group) to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving.

The report linked below

describes a model design of security functionalities modularized in different security layers,
suggests the grouping of different automotive stakeholders to suitable access roles
so that an Automotive Gateway (A-GW) inside the vehicle could control any remote access in a secure way and
during the whole lifetime.

Rapidly developing information technology will also allow innovation for independent service providers (ISP). Local diagnostics and direct access to in-vehicle data, functions and resources in case of a car breakdown may in many cases be replaced with remote diagnostic support that allows a remote diagnostician to communicate with the driver over the air and resolve the cause of the breakdown. IT systems for prognostics by ISPs could also support the driver as he will be informed about problems inside the car before a breakdown is going to happen. Therefore, remote access must be feasible for an authorized ISP. Besides, implemented security functionalities must prevent unauthorized access attempts during the whole lifetime and need to recognize misuse.

In all cases the European General Data Protection Regulation (GDPR) has to be fulfilled: If a vehicle is assigned to an owner and whenever persons are in the car, personal data will arise automatically. In order to ensure their consent to any data being transmitted to and from the vehicle, those persons should in most cases have the possibility to opt in or opt out.

The International Automobile Federation (FIA) has asked TUVIT (the digital innovation member of the TÜV NORD company group) to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving.

Overview

FiA - On-Board Telematics Platform Security