TÜVIT specifies cybersecurity architecture for On-board Telematics Platform (OTP)

The International Automobile Federation (FIA) has asked TÜViT to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving.

For more than 100 years, road safety and, for more than two decades, environmental protection have been drivers of more innovation, investment, growth and jobs in car manufacturing. Today, information technology is the key innovation driver of connected vehicles. The development of technology can contribute significantly to safety, mobility, environmental protection and comfort. The safety applications or assistance systems are primarily intended to prevent accidents including warnings of danger spots (e.g. end of traffic jams, breakdown vehicles). More up-to-date traffic information obtained through the development of vehicle communication enables time-optimized route planning. An investment in cooperative intelligent transport systems (C-ITS) based on the information transfer of connected smart vehicles is going to be the next step.

Rapidly developing information technology will also allow innovation for independent service providers (ISP). Local diagnostics and direct access to in-vehicle data, functions and resources in case of a car breakdown may in many cases be replaced with remote diagnostic support that allows a remote diagnostician to communicate with the driver over the air and resolve the cause of the breakdown. IT systems for prognostics by ISPs could also support the driver as he will be informed about problems inside the car before a breakdown is going to happen. Therefore, remote access must be feasible for an authorized ISP. Besides, implemented security functionalities must prevent unauthorized access attempts during the whole lifetime and need to recognize misuse.

In all cases the European General Data Protection Regulation (GDPR) has to be fulfilled: If a vehicle is assigned to an owner and whenever persons are in the car, personal data will arise automatically. In order to ensure their consent to any data being transmitted to and from the vehicle, those persons should in most cases have the possibility to opt in or opt out.

The International Automobile Federation (FIA) has asked TUVIT (the digital innovation member of the TÜV NORD company group) to conduct a study on how a cybersecurity architecture as part of the On-board Telematics Platform (OTP) can ensure data protection as well as IT security of a connected vehicle and the interconnected traffic as a precondition for future fully automated driving.
 

The report linked below

  • describes a model design of security functionalities modularized in different security layers,
  • suggests the grouping of different automotive stakeholders to suitable access roles
  • so that an Automotive Gateway (A-GW) inside the vehicle could control any remote access in a secure way and
  • during the whole lifetime.
     

In addition to this report a protection profile of the key component Automotive Gateway (A-GW) acc. to the Common Criteria has been specified that could be used as a formal specification for any vendor. The latest studies and governmental activities on secure connected driving and interconnected traffic were taken into account and the resulting approach of the OTP covers state-of-the art technologies of the IT security industry.

Both documents (report and PP) are available under:

About TÜViT

TÜV Informationstechnik GmbH focuses solely on security in information technology and, as an independent testing service provider for IT security, is an international leader. Numerous corporations already benefit from the TÜViT-tested security. Its portfolio includes cyber security, software and hardware evaluation, IoT/Industry 4.0, data protection, ISMS, Smart Energy, mobile security, automotive security, eID and identity verification services as well as the testing and certification of data centers for physical security and high availability. TÜV Informationstechnik, founded in 1995 and headquartered in Essen, Germany, is a member of the TÜV NORD GROUP, one of the world's largest technology service providers with over 10,000 employees and business activities in 70 countries worldwide.

Axel LangeGeneral Manager Marketing & Sales

Tel.: +49 201 8999-499
Fax: +49 201 8999-888
a.lange@tuvit.de

Share this page