wolfSSL, wolfSentry, and the UN Cybersecurity Regulations for Vehicles

    • Under UN Regulations 155 and 156, auto makers and their contractors take on the daunting responsibility for security across the entire lifecycle of the vehicle.  To meet this challenge, designers must consider security from the start of product planning, and at every stage thereafter, designing in sustainable, best-in-class solutions.

    The two crucial approaches to secure the endpoint are access controls and cryptographic encapsulation.  wolfSSL offers best-in-class enabling technology for both.  wolfCrypt, wolfSSL, wolfSSH, and wolfBoot are turnkey embedded solutions to secure software and messaging in the embedded endpoint with best-in-class cryptography.  The wolfSentry embedded IDPS, in turn, secures the embedded endpoint with a flexible, field-configurable policy engine, and facilitates integration into central cybersecurity monitoring solutions.

    wolfSentry, and the rest of the wolf suite, align with the specific mitigations directed by R155:

    • “Measures to detect and recover from a denial of service attack shall be employed”
    • “Security controls shall be applied to systems that have remote access”
    • “Access control techniques and designs shall be applied to protect system data/code.”
    • “Measures to prevent and detect unauthorized access shall be employed”
    • “Measures to detect malicious internal messages or activity should be considered”
    • “The vehicle shall verify the authenticity and integrity of messages it receives”
    • “Security controls shall be implemented for storing cryptographic keys (e.g. use of Hardware Security Modules)”

    wolfSentry, in concert with other wolf suite components and application-specific plugin logic, implements these mitigations in a fully embeddable, easily integrated, highly portable form.  And the foundational requirements of R156, which relates to software update management systems for vehicles, are fully met by the wolf suite.

    By adopting the wolf suite of solutions as key components of a comprehensive security architecture, designers can assure the sustainability of their engineering investment, with all major algorithms, target silicon, and runtime environments supported.

    Further reading:

    Full text of R155 (30 pages): https://unece.org/sites/default/files/2021-03/R155e.pdf

    R156 (16 pages): https://unece.org/sites/default/files/2021-03/R156e.pdf