Cyber Security Tests – Our Laboratory Infrastructure

Vehicles’ electronic control units (ECUs), communication networks and associated systems today need to be tested not only for functionality but also for resilience against cyber-attacks. In particular, UNECE R155 and ISO/SAE 21434 standards have made vehicle cyber security a testable and documentable engineering discipline.

Optival offers applied test solutions for vehicle and component manufacturers with its infrastructure that can perform cyber security tests in field, laboratory and simulation environments.

---

Test Competencies

In our laboratory, protocol and scenario-based cyber security tests are carried out under the following headings:

In-Vehicle and Out-of-Vehicle Communication Security Tests

• Message manipulation and infiltration attempts on CAN, LIN, FlexRay data line
• Unauthorized access, sniffing and injection tests in wired/wireless protocols such as Ethernet, Bluetooth, Wi-Fi, 5G, V2X
• Brute-force and replay attacks against weak encryption schemes

Unauthorized Access and Service Interface Tests

• Open port analysis via OBD-II, USB, SD card and diagnostic ports
• Package integrity and signature verification checks in OTA (Over-the-Air) software updates
• Vulnerability scans on connected units such as TCU and Gateway

Fuzzing Tests

• Protocol corruption, random data transmission and monitoring of system behavior
• CAN-ID detection, message corruption and fault tolerance measurement according to the safety level of the ECU

Penetration Tests (PenTest)

• Simulation of real attack vectors
• Mapping the attack surface, identifying exploitable points
• Assessing the survivability of security measures

Reporting and Compliance

All our tests are reported based on the following standards:

• Compliance with UNECE R155 – Annex 5 and type approval evaluation structure
• ISO/SAE 21434 – Verification of Threat & Risk Assessment (TARA) outputs by technical testing