For PUNCH Softronix security is value for the product that doesn’t limit the business.
About Product Security
The control systems face security is the biggest challenge in the next few years. The market is becoming much more profitable, and the attackers are at least one step ahead of the industry. For this reason, PUNCH Softronix has built up a team with a multiyear of expertise that work on this topic daily, in close collaboration with Politecnico di Torino and other parties. This partnership permits PUNCH Softronix to foresee the newer and upcoming cyber-threats.
Our Product Security Office tailors the security in the early development stage to achieve the desired cyberattack resiliency with no invasive side effects. PUNCH Softronix’s projects comply with the best security standards beyond the NIST cybersecurity framework and the NHTSA Security best practices. Our security processes ensure the products fulfil the Road Vehicle cybersecurity regulation, mandatory for new model type approval. The team works continuously to improve the security grade and periodically reviews the security practices and processes based on the new trends and analysis.
Product Security Engineering is highly flexible to support the customer’s needs, providing a diversity of quality services both in the Design and the Operation area.
- Security requirements definition and secure HW and SW architecture design, including advanced Secure Boot solution and security memory protection strategists.
- Security assets definition and risk analysis assessment comply with regulations and ISO21434 and IEC61434 standards.
- E-Coaching to transfer our knowledge built up in the Accademia area to our customers.
Product Security is committed to research with Politecnico di Torino on the following areas:
- Advanced threat modelling system platform, fully tailored.
- Secure analog Sensors with scramble circuits
- Advanced Instruction Detection Systems (IDS) specific for real-time embedded systems.
- A complete penetration testing team specialized in Automotive control and general purpose IoT systems.
Articles & papers
What: The automobile industry is no longer relying on pure mechanical systems; instead, it benefits from advanced Electronic Control Units (ECUs) in order to provide new and complex functionalities in the effort to move toward fully connected cars. However, connected cars provide a dangerous playground for hackers. Vehicles are becoming increasingly vulnerable to cyber attacks as they come equipped with more connected features and control systems. This situation may expose strategic assets in the automotive value chain. In this scenario, the Controller Area Network (CAN) is the most widely used communication protocol in the automotive domain. However, this protocol lacks encryption and authentication. Consequently, any malicious/hijacked node can cause catastrophic accidents and financial loss. Starting from the analysis of the vulnerability connected to the CAN communication protocol in the automotive domain, this paper proposes EXT-TAURUM P2T a new low-cost secure CAN-FD architecture for the automotive domain implementing secure communication among ECUs, a novel key provisioning strategy, intelligent throughput management, and hardware signature mechanisms. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach’s feasibility.
Who: F. Oberti, A. Savino, E. Sanchez, F. Parisi and S. Di Carlo
Where: IEEE Transactions on Device and Materials Reliability (Volume 22)
When: June 22nd, 2022
What: Authentication of hardware modules connected through Controller Area Networks (CAN) in modern vehicles is becoming an increasing security issue. Untrusted modules introduced on the market may alter the secure boot infrastructure of a complex vehicle, thus completely compromising its security. This paper introduces the problem and highlights a preliminary idea for reaching better protection and preventing or limiting this category of attacks.
Who: F. Oberti, E. Sanchez, A. Savino, F. Parisi and S. Di Carlo
Where: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks 2021 (DSN2021)
When:June 21st – 24th , 2021
What: Interconnected devices are growing very fast in today's automotive market, providing new and complex features that cover very different domains. This vast and continuous requirement for new features brings to impact areas categorized as real-time safety-critical devices, opening the possibility to add potential vulnerabilities. By analyzing the security vulnerabilities within vehicle networks, this paper aims at proposing a new generation of a secure architecture based on Controller Area Network (CAN) called TAURUM P2T. This new architecture looks at mitigating the vulnerabilities found in the current network systems of road vehicles by introducing a low-cost and efficient solution based on the introduction of a Secure CAN network able to implement a novel key provisioning strategy. The proposed architecture has been implemented, resorting to a commercial Multi-Protocol Vehicle Interface module, and the obtained results experimentally demonstrate the approach's feasibility.
Who: F. Oberti, E. Sanchez, A. Savino, F. Parisi and S. di Carlo
Where:27th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2021
When: June 28th – 30th ,2021
What: The automotive market is profitable for cyberattacks with the constant shift toward interconnected vehicles. Electronic Control Units (ECUs) installed on cars often operate in a critical and hostile environment. Hence, both carmakers and governments have supported initiatives to mitigate risks and threats belonging to the automotive domain. The Local Interconnect Network (LIN) is one of the most used communication protocols in the automotive field. Today’s LIN buses have just a few light security mechanisms to assure integrity through Message Authentication Codes (MAC). However, several limitations with strong constraints make applying those techniques to LIN networks challenging, leaving several vehicles still unprotected. This paper presents LIN Multiplexed MAC (LIN-MM), a new approach for exploiting signal modulation to multiplex MAC data with standard LIN communication. LIN-MM allows for transmitting MAC payloads, maintaining full-back compatibility with all versions of the standard LIN protocol.
Who: F. Oberti, E. Sanchez, A. Savino, F. Parisi M.Brero and S. di Carlo
Where: The 28th IEEE International Symposium on On-Line Testing and Robust System Design.
When: Sept 12th – 14th ,2022
What: The automotive market is increasingly profitable for cyberattacks with the constant shift toward fully interconnected vehicles. Electronic Control Units (ECUs) installed on cars often operate in a critical and hostile environment. Hence, both carmakers and governments have decided to support a series of initiatives to mitigate risks and threats belonging to the automotive domain. The Controller Area Network (CAN) is the primary communication protocol in the automotive field, and the integrity of the communication over this network is assured through Message Authentication Codes (MAC). However, limitations in throughput and frame size limit the application of this technique to specific versions of the CAN protocol, leaving several vehicles still unprotected. This paper presents CAN Multiplexed MAC (CAN-MM), a new approach exploiting frequency modulation to multiplex MAC data with standard CAN communication. CAN-MM allows transmitting MAC payloads maintaining full-back compatibility with all versions of the standard CAN protocol. Moreover, multiplexing allows sending DATA and MAC simultaneously.
Who: F. Oberti, E. Sanchez, A. Savino, F. Parisi P. Casasso and S. di Carlo
Where:The 18th IEEE Workshop on Silicon Errors in Logic – System Effects
When: May 19th – 20th ,2022
News & Past events
Here a collection of our news and past events. Take a look and don’t miss our future events.
Event name | Sep. 25th
Event name | Sep. 25th
Event name | Sep. 25th