Security requirements analysis

Starting from relevant use cases and security threat scenarios, security requirements for on-board networks will be specified. Also legal requirements on privacy, data protection, and liability issues will be considered.

Secure on-board architecture design

Based on the security requirements and the automotive constraints, a secure on-board architecture and secure on-board communications protocols will be designed. The security functions will be partitioned between software and hardware. The root of trust will be placed in hardware security modules that may be realised as extensions to automotive controllers or as dedicated security controller chips.

In order to ensure that the identified requirements are satisfied, selected parts of the secure on-board architecture and the communications protocols will be modelled using UML and automata and verified using a set of different but complementary model-based verification tools.


For prototyping, FPGA's will be used to extend standard automotive controllers with the functionality of cryptographic coprocessors. The low-level drivers for interacting with the hardware will be partially generated from UML models.

For even faster prototyping, the security functionality will also be implemented purely in software. An API will be defined so that applications on top of this API can use the cryptographic functions regardless of whether they are provided in hardware or software. All developed code will be validated to ensure its correctness.

Prototype-based demonstration

The secure on-board communication will be deployed inside a lab car demonstrating e-safety applications based on vehicle-to-X communication. Cryptographic methods will ensure the integrity and authenticity of information exchanged within the vehicle and will protect the electronic control units against theft, tampering, and unauthorised cloning.

Releasing the automotive hardware security modules for deployment in cars on public roads requires further implementation and testing efforts, which are out of scope of this project.

Dissemination and external interfaces

In order that the entire automotive industry may benefit from the project results, the secure on-board architecture and communications protocol specifications will be published as open specifications.

The EVITA project partners will liaise with related initiatives in the fields of e-safety and embedded security to achieve multilateral synergies.

Project duration

July 2008 – December 2011