91³Ô¹ÏÍø

Synopsys Secures Connected Vehicles with Industry¡¯s First IP Product to Achieve Third-Party Certification for ISO/SAE 21434 Cybersecurity Standard

Markus Willems, Ron DiGiuseppe

Jul 17, 2024 / 3 min read

Automakers in Europe have been intimately familiar with UN Regulation No. 155 (UN R155) since its introduction three years ago by the United Nations Economic Commission for Europe. But being able to meet the EU regulation has been no easy feat even though it may sound simple on the surface. 

UN R155 requires vehicle manufacturers (otherwise known as Original Equipment Manufacturers [OEMs]) and all suppliers in the automotive supply chain (such as Tier 1s) to adopt cybersecurity and a cybersecurity risk management system and processes. It mandates that vehicle type approval of models (and everything that makes up that vehicle model, from the infotainment system to the power train system and chip suppliers) must include cybersecurity measures complying with industry standards, namely ISO/SAE 21434.

connected vehicle cybersecurity iso 21434 un r155

The relationship between ISO/SAE 21434 standard and UN R155 regulation and how they affect players in the automotive ecosystem (Source: ). 

With the UN R155 July 1, 2024 deadline for brand new vehicle models (those with significant changes to vehicle architecture, not simply ¡°facelifts¡± to existing models) the pressure was on for OEMs and others in the automotive supply chain to comply. Synopsys is an early adopter of automotive cybersecurity supporting our customers,  the industry¡¯s first processor IP, Synopsys ARC? HS4xFS, to achieve third-party certification compliance with ISO/SAE 21434 from accredited, independent auditor SGS-T?V Saar.

Read on to learn how ARC HS4xFS Processor family has become a more secure and safe solution for automotive applications, the kinds of automotive channels this certification can help protect against cybersecurity attacks, and more.

connected vehicle security

ISO/SAE 21434 Connected Vehicle Cybersecurity Risk Management

Synopsys has worked closely with leading automotive chip suppliers for many years and has been aware that this was becoming a requirement for them early on, leading us to build ISO/SAE 21434 certification into our roadmap after early engagement with customers. 

To begin with, Synopsys needed to define the cybersecurity development lifecycle before we could obtain ISO/SAE 21434 certification for our IP development process and ARC HS4xFS Processors. Key elements of the cybersecurity engineering processes include the Security Development Lifecycle (SDL), Security Risk Assessment (SRA), and the IP Security Incident Response Team (IP-SIRT).

  • The SDL builds upon the foundational elements of the Quality Management System (QMS). This integration ensures that cybersecurity measures are deeply embedded into the development processes to ensure that both safety and security are considered throughout the development cycle.
  • The SRA plays a pivotal role in identifying and mitigating potential security risks throughout the development process. By systematically evaluating risks, users can prioritize efforts and allocate resources effectively to address the most significant threats. 
  • Finally, the IP-SIRT is tasked with monitoring, detecting, and responding to security incidents. This team's proactive measures ensure that any security breaches are swiftly addressed, minimizing potential damage and maintaining the integrity of the IP.

Through these coordinated efforts, ISO/SAE 21434 certification provides a robust framework for managing cybersecurity risks, ensuring that the ARC HS4xFS Processor family (and additional IP portfolio products in the future, including interface, security, and processor IP solutions) have been assessed for potential security threats.

ISO/SAE 21434 and Synopsys ARC HS4xFS

The potential for automotive cybersecurity vulnerabilities can come from anywhere. For instance, plugging in your smartphone to your vehicle with a USB, Bluetooth connections, and, more recently, Wi-Fi and 5G/LTE connections all can allow potential threats into the vehicle. As cars become more software-defined, over-the-air (OTA) updates are increasingly common, enabling remote updates with new features or fixes. However, this also opens up potential security risks such as unauthorized access, tampering, and malware. Adhering to the ISO/SAE 21434 cybersecurity standard is crucial to protecting these safety-critical automotive systems as more channels of attack become standard in new cars.

Today, ARC HS4xFS Processor IP, already certified under ISO 26262 (meeting ASIL D Random and ASIL D Systematic compliance for safety-critical systems), now holds ISO/SAE 21434 compliance certification performed by a third-party auditor. ARC HS4xFS functional safety processors facilitate the development of high-performance safety-critical applications and are optimized for high-performance embedded applications. Customers who use ARC HS4xFS processors and other ISO/SAE 21434-compliant technology ensure that security best practices are followed throughout the entire development process from IP to final vehicle assembly.

What¡¯s Next for Automotive Cybersecurity and Synopsys IP?

Achieving ISO/SAE 21434 certification for the Synopsys ARC HS4xFS family is only the beginning. Cybersecurity engineering processes are currently being applied to a prioritized list of IP products, based on customer demand, including the ARC-V processors, interface controllers, AMBA IPs, processors, security IPs, and more.

As more personal data is being routed through cars, over-the-air updates become even more commonplace, and standards become more stringent, the entire automotive industry is looking for the utmost confidence and compliance with cybersecurity certifications and the required background assessment that validates that there are no cybersecurity vulnerabilities in the product.  Synopsys is ready to continue answering that call through its strategic cybersecurity roadmap.

Learn more about ARC HS4xFS Processors with ISO 262626 safety and ISO/SAE 21434 cybersecurity certifications, available now.

Continue Reading