Vehicle Services

The Vehicles Services WG addresses a broad range of different vehicle types ranging from automotive cars, trucks and buses, as well as trains and related mobility infrastructure. The increasing connectivity in vehicles enables integration of additional services as mobility solutions, which also increases the demand for security.

In an automotive context, a Road Vehicle is a system composed of many subsystems or functional domains which are interconnected and communicate with the outside world through one or more wired or wireless gateways. The modern vehicle must support a diverse set of use cases and services so it can be viewed as a composite industrial control system network with one or more external network gateways and human user interfaces. The growing focus on external communication has changed the vehicle security posture and threat model. A vehicle is now connected to other networks and susceptible to similar threats as other connected devices, such as internet of things (IoT) devices, infrastructure, backend systems and mobile phones.

Vehicles are evolving away from a primarily mechanical and electrical architecture to a software defined vehicle (SDV) architecture, where ECUs (electronic control units) from different functional domains are being consolidated into a single ECU using methods such as virtualization. This evolution results in vehicle ECUs becoming more capable and complex. The modern vehicle can have over 100 ECUs that range from 8-bit memory controller unit (MCU) ECUs to central processor unit (CPU) system-on-chip (SoC) ECUs, depending on their role in the vehicle architecture. ECU software can range from a real-time operating system (RTOS) on a sensor ECU to a full embedded Linux stack on an infotainment SoC ECU. Adversaries constantly evolve their attack methods to monetize common weaknesses (see CWE (Common Weakness Enumeration) at https://cwe.mitre.org/) in technology, so that they can target the entire vehicle platform and supply chain, including hardware, software, data, and vehicle users. Vehicle ECUs have a critical need for trustworthy hardware capabilities and secure software execution environments, so these ECUs should be secure by design and resilient when under attack. TCG technologies enable secure by design implementations that include resiliency capabilities since they provide protection, detection, and recovery mechanisms.

The Vehicle Services Working Group (VS-WG) is focused on the adoption and refinement of TCG technologies that provide trustworthy platform primitives, including Roots-of-Trust (RoT), in vehicle architectures. The goal is to support diverse modern vehicle uses cases such as Electric Vehicle charging, Digital Car Key, Autonomous Driving capabilities, and Secure Over-the-Air updates. These trustworthy platform primitives can be enforced by hardware RoTs that provide identity, confidentiality, integrity, availability, and attestation via architectural concepts such as measured boot and secure execution environments.

The VSWG objectives are:

  • Evaluation and adoption of TCG technologies into Vehicle Services such as TPM, DICE, MARS, TSS, CyRES, etc.
  • Creating specifications and reference documents on the use of TCG technologies in Vehicle Service systems.
  • Provide whitepapers and reference documents for the design, development, production, provisioning, runtime use and testing of vehicle system cybersecurity.
  • Maintain existing TCG vehicle services specifications.
  • Collaborate with other standards bodies to bring TCG technologies into the automotive vehicle ecosystem

VSWG participants include Automotive OEMs, Tier 1 Suppliers, Research Institutes, Government Agencies, and liaisons from other standards bodies. VSWG welcomes new members who want to support the adoption and refinement of TCG technologies for automotive vehicles.

The following picture shows components of vehicles systems and the related services:

Vehicle Services Trustworthy Platform Stack

 

Chairs

Hisashi Oguma
Group Manager
Toyota Motor Corporation
Hisashi Oguma received the B.E., M.E., and Ph.D. degrees in computer science from the University of Electro-Communications, Tokyo, Japan in 1997, 1999, and 2002 respectively. In 2002 he joined NTT DoCoMo, Inc., Japan. In 2007 he joined Toyota Motor Corporation, Japan. He is currently Group manager, Cybersecurity Group, InfoTech, Connected Advanced Development Division. His current research interests include cybersecurity technologies relevant to vehicular system.
Eoin Carroll
Principal Product Cybersecurity Engineer
TOYOTA
Principal Product Cybersecurity Engineer Eoin Carroll received a MSc in Networking and Security from Cork Institute of Technology, and a Higher Diploma in Applied Physics from the National University of Ireland Maynooth, in 2011 and 2000 respectively. He has been a member of – and represents - Toyota Motor North America at the TCG MARS, IoT and TPM Work Groups since February 2022. Eoin has 10 years' experience as an Electronic Engineer on FPGAs, Chipsets and medical devices which focus on new product features, verification and risk evaluation. He has an additional 11 years' experience in Cybersecurity where he currently serves as a Principal Product Cybersecurity Engineer in Toyota Motor North America’s Vehicle Product Cybersecurity Group. Prior to working at Toyota Motor North America, he served a Principal Engineer at McAfee focused on Advanced Threat Research and Platform security. Eoin has experience within a number of areas including vehicle systems cybersecurity, operating system internals, network protocols, embedded systems, product engineering, threat modeling, vulnerability analysis, reverse engineering, penetration testing and platform security mitigations.