The Firmware Security Module (FSM) is a software-based solution that retroactively secures control units without special security hardware or with hardware that cannot be updated. It enables secure starting of the control unit and protects necessary secrets. This module offers a flexible and effective way of retrofitting existing systems with the necessary security mechanisms. Particularly in the context of the software-defined vehicle (SDV), the crypto-agility of the FSM is crucial to ensure protection over the entire lifetime of the vehicle. 

As part of the FSM project, IAV is integrating quantumSAR updatable encryption algorithms to respond to the threat posed by quantum computers. It is designed as an open-source project that is available to everyone and can be individually adapted. IAV works with algorithms that are considered quantum-safe to protect vehicles from cyber attacks in the future. 

IAV pursues a security-by-design approach to safeguarding against risks as early as the development phase. By conducting risk analyses and developing safety functions, IAV ensures that vehicles are protected against cyberattacks from the outset. 

The ACDC enables vehicles in the field to be monitored and detects security vulnerabilities. It empowers cybersecurity experts to respond quickly and effectively to detected threats, providing continuous protection throughout the vehicle's lifespan. 

With the advent of quantum computers, cybersecurity will undergo fundamental changes. Quantum computers have the ability to perform special calculations at a speed that is impossible for conventional computers. This has direct implications for the security of our digital systems.

A simple example: Let's assume that a connected vehicle uses conventional encryption methods to secure communication between the vehicle and the infrastructure. This encryption is based on mathematical problems that are very difficult for today's computers to solve, making the data transmission secure. However, a quantum computer could solve these mathematical problems in a fraction of the time it would take a conventional computer. This means that the encryption protecting the vehicle could effectively be hacked, giving attackers access to critical systems and sensitive data.

This is where quantum-safe algorithms come into play. Embedded security experts Philipp Jungklass and Marco Siebert explain: “The previous methods are easy for quantum computers to break.” Quantum-safe algorithms, also known as post-quantum algorithms, are based on mathematical problems that are difficult for quantum computers to solve. ‘Post-quantum cryptography ultimately describes algorithms that still provide the necessary security in the age of quantum computing.’ These algorithms are therefore the solution for ensuring the security of connected vehicles and other digital systems in the era of quantum computing.

IAV has responded to the challenges that quantum computers pose for cybersecurity by developing innovative software. This software enables the efficient implementation of post-quantum algorithms on current control units. “We have decided to implement and evaluate the post-quantum algorithms on a current control unit”, explains Marco Siebert, head of the Embedded Security department at IAV. By adapting algorithms from an open-source library for use on microcontrollers, IAV was able to gain valuable insights and test them in practice.

IAV has decided to publish this software as an open-source solution. This decision is based on the conviction that transparency and knowledge sharing strengthen security and trust in digital systems. ‘In our opinion, security-relevant systems are always based on trust,’ Siebert emphasises. By publishing the code on GitHub, IAV invites the global community to review the implementation and contribute to improving the software.

To ensure cyber security, experts need mechanisms that identify and eliminate vulnerabilities before attackier can exploit them. Penetration tests play a crucial role in this. They enable cybersecurity specialists to identify and close potential security gaps at an early stage.

Claude-Pascal Stöber-Schmidt, Project Manager Cybersecurity at IAV, explains how these tests work: ‘They aim to provoke unwanted behaviour in the software in order to identify potential security vulnerabilities’.

By developing specific attacker models and using advanced techniques such as scanning, attack simulations and vulnerability analysis, penetration testers can uncover hidden security risks. This systematic approach makes it possible not only to identify vulnerabilities but also to understand how they could be exploited, for example to steal protected data or compromise systems.

“Our goal is to use these vulnerabilities to achieve a specific effect and thus strengthen the security of our customers”, says Stöber-Schmidt.

IAV uses a variety of tools and techniques, including DiagRA for CAN bus testing and Kali Linux for network testing, to ensure a comprehensive cybersecurity assessment.