skip to content

This site uses cookies. By accepting cookies you can optimise your browsing experience.


Security Concept for an Interoperable Telematics Platform

01 Sep 2017

Nowadays modern vehicles are connected (WAN-Connection) to various systems outside the core vehicle network like, vehicle-to-vehicle (V2V), vehicle to infrastructure (V2I) networks and/or also using the Internet for communication with different servers (service provider server, vehicle manufacturer server). Usually, these exchanges of data are controlled by a Telematics Control Unit (TCU) which serves as an information gateway in the vehicle, where it is connected to both the wireless link via a GSM module or even more sophisticated cellular communication technologies (UMTS, LTE) and internally to the vehicle’s communication busses and to the physical OBD II connector or through a vehicle manufacturer’s proprietary interface.

However, automotive security covers more aspects than only securing a TCU. It covers protection of all electronic control units (ECU), in-vehicle communication, and external communication against malicious encroachments by an attacker. Furthermore the implementation of third party application in a secure manner is also an important part of an overall security concept.

By providing an additional external communication to the vehicle data busses, the attack surface of the respective vehicle is enlarged. An overall security concept should address all the aspects.

It should be noted that due to the development in the area of automated vehicles, the points “Secure ECU/TCU”, “Secure in vehicle communication” and “Secure in vehicle architecture” are already under development by the various vehicle manufacturers in dedicated working groups to ensure the vehicle integrity.

This document defines fundamental security requirements for an Interoperable Telematics Platform. It does not provide specific design or implementation guidelines, but an overview of the requirements which must be fulfilled by the respective vehicle manufacturer and the third party service providers in order to guarantee a specific level of security. Some fundamental requirements will be defined in the next Chapter.

Read the full study below.