In new development projects, the new AUTOSAR 4.x standard is used instead of AUTOSAR 3.x. The latest version, AUTOSAR 4.2.1, contains the basic software module “Secured Onboard Communication” . While preserving the RTE mechanisms for signal handling, it enables transparent authentication of messages. This involves adding portions of a Message Authentication Code (MAC) to the message. In Secured Onboard Communication, authentication is the primary method for secure communication; encryption is not currently planned, so the messages are transmitted as plain text. Like for the AES algorithm for CAN message encryption, the MAC calculation also requires symmetrical keys which must be provided here as well. A Freshness Counter ensures that it is possible to check the currency of the data.
In the near future, remote connections such as Car2x communication, WLAN, Bluetooth and Internet will continue to grow and will necessitate much more stringent requirements for IT security. These access modes must be made secure against attacks and must not permit any remote manipulation. This is especially true of information to driver assistance systems, which rely on reliable messages from other traffic participants and/or the infrastructure. Vector is also providing suitable support for the analysis and development of such systems.
About the Author:
Armin Happel (Graduate Engineer) is Principal Software Development Engineer at Vector Informatik GmbH in the area of Research and Development for Innovative Applications where he is responsible for the area of Applied Security.
Tel. +49 711 80670-2133
 https://www.chip.de/news/CAN-Hacking-Tool-Autos-hacken-fuer-20-Dollar_67066892.html [only German]
 Advanced Encryption Standard (AES), FIPS PUB 197
 CAN with Flexible Data Rate – Specification Version 1.0, Robert Bosch, GmbH; April, 2012
 AUTOSAR Specification of Module Secure Onboard Communication, Release 4.2.1
 AUTOSAR Software Specification Crypto Abstraction Library Release 4.2.1
 AUTOSAR CryptoService Manager, Release 4.2.1
All figures (c) Vector Informatik GmbH