image: VERZEUSE(TM) Solutions for Product Lifecycle

Oct 24, 2024

Products & Solutions / Press Release

Expanding automotive cyber security innovations with VERZEUSE™ series

Accelerating SDV development throughout the vehicle lifecycle (design, implementation, evaluation, production, and operation)

Yokohama, Japan, October 24, 2024 - Panasonic Automotive Systems Co., Ltd. has further expanded its series of VERZEUSE™, automotive cyber security innovations, to accommodate the security needs in each phase (design, implementation, evaluation, production, and operation) of the entire vehicle lifecycle, from the development to operation (after vehicle shipment).

This expansion offers efficiency and high quality standardization for security measures throughout the entire vehicle lifecycle by introducing tools to automate cyber security work which has been often performed manually, and to link input and output information in each phase.
VERZEUSE™ for Virtualization Extensions Type-3, a containerized virtualization security innovation to combat cyber attacks on in-vehicle software, has been evaluated highly by car manufacturers as a unique innovation, and has been newly adopted for in-vehicle deployment.

This newly announced system in the VERZEUSE™ series will be exhibited at EdgeTech+ 2024*1 to be held from November 20 to 22, 2024.

<Development background>

In recent years, the risk of security threats, including cyber attacks targeting cars, has constantly been on the rise alongside the evolution of software-defined vehicles (SDVs) whose functions are enhanced with software and the increase in the number of vehicles connected to networks, known as connected cars. In January 2021, UN Regulation UN-R155 has come into effect, and it has been applied to new vehicles*2 in Japan and Europe since July 2022. In order to comply with UN-R155, there is an urgent need to establish a cyber security system in accordance with ISO/SAE 21434.

In this environment, the company foresees future demand for implementation of even more comprehensive security measures in each phase of vehicle lifecycle from development to shipment (design, implementation, evaluation, production, and operation) and streamlining of the enormous amount of work needed for vulnerability countermeasures.

<VERZEUSE™ series features>

1. Provides solutions for each phase of the vehicle lifecycle from development to shipment (design, implementation, evaluation, production, and operation).
Supports further streamlining and high quality standardization for security measures by linking input/output information in each phase.

2. VERZEUSE™ for TARA(Threat Analysis and Risk Assessment): ISO/SAE 21434 compliant threat analysis innovations contributing to substantial reduction of workload by automating threat analysis in the development and design phase.

3. VERZEUSE™ for Virtualization Extensions Type-3: Attack detection and protection solution adapting to container technology for in-vehicle software, adopted by car manufactures.

<VERZEUSE™ series features in detail>

1. Provides solutions for each phase of the vehicle lifecycle from development to shipment (design, implementation, evaluation, production, and operation).
Supports further streamlining and high quality standardization for security measures by linking input/output information in each phase.

image: VERZEUSE(TM) solutions for Product Development

The VERZEUSE™ series provides innovative systems for each phase of the entire vehicle lifecycle (design, implementation, evaluation, production, and operation) from development to shipment. The input and output information of each phase can be linked through the Panasonic Group’s database of Threat Intelligence which collects threat information from various industries such as factory automation, home appliances, and IoT devices.

For example, the analysis result information output from the design phase (1) VERZEUSE™ for TARA is referenced as input information in the evaluation phase (4) VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit and the post-shipment phase (6) VERZEUSE™ for SIRT. Likewise, the vulnerability assessment results output from the evaluation phase (4) VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit is referenced as input information in the post-shipment phase (5) VERZEUSE™ for SIRT.

This linkage between phases not only further streamlines security measures, but also helps to consistently manage security information throughout the entire vehicle lifecycle and to maintain security risk management to a high standard.

2. VERZEUSE™ for TARA: ISO/SAE 21434 compliant threat analysis innovations contributing to substantial reduction of workload by automating threat analysis in the development and design phase.

image: Benefit of using VERZEUSE(TM) for TARA. [Our Example]

During the early stages of vehicle development, even developers who are not security experts can simply answer a few questionnaires to determine countermeasure requirements based on the characteristics of in-vehicle devices from Panasonic Automotive Systems’ Threat Intelligence, which collates threats, vulnerabilities, and security controls.

This innovative system has been applied to more than 80 of the company’s in-vehicle products. For example, compared to the conventional manual process of threat analysis, this system has been proven to reduce workload by up to 90%*3 for large-scale products such as navigation systems. Car manufacturers that have used the system have highly evaluated its usefulness, and we have been commissioned to provide multiple consulting projects for risk assessment. For details, please refer to the press release*4.

3. VERZEUSE™ for Virtualization Extensions Type-3: Attack detection and protection solution adapting to container technology for in-vehicle software, adopted by car manufactures.

image: VERZEUSE(TM) for Virtualization Extensions Type-3

This in-vehicle software innovation meets the security requirements*5 of next-generation cockpit systems that utilize a virtualization environment and monitors the communication between the software area which has a high risk of being targeted by attackers via the external network connection (e.g. externally connected virtual machine) and the software area which implements essential functions of the vehicle controls and software update functions (e.g., cluster containers). The monitoring function placed in an isolated container can check communications from the secure area to block abnormal communications, protecting critical functions of the vehicle from attacks and improving vehicle safety.

It is also possible to import optional monitoring function as a plug-in via the security interface. The plug-in management function enables to select the appropriate monitoring function according to the characteristics of the communication. Since there is no need to change the application side when importing, this in-vehicle software can be introduced at low cost, and car manufacturers have decided to adopt it for in-vehicle deployment.

<Appendix>

Process

No.

Innovations

Overview

Remarks

Design

(1)

ISO/SAE 21434 compliant threat analysis innovations
VERZEUSE™ for TARA

Automates threat analysis of vehicles and in-vehicle devices. Allows users with no security expertise to efficiently derive threat analysis results.

• Press release*4 on October 24, 2024

• Feature 2 in this release

Implementation

(2)

Virtualization security innovations
VERZEUSE™ for Virtualization Extensions

Monitors the communication data controlled by the virtualization platform to enact security measures against unauthorized access and cyber attacks.
In this release, the enhanced version Type-3 adapts to container technology for in-vehicle systems and allows any monitoring function to be added as a plug-in.

• Press release*6 on January 16, 2023 

• Feature 3 in this release

(3)

Cyber security robustness innovations
VERZEUSE™ for Runtime Integrity Checker

Security monitoring software to constantly check if the security monitoring functions are working properly. Using our proprietary technology, the software monitors the system from a trusted execution environment to check that it is operating as expected and the data has not been tampered with.

• December 11, 2023*7

Evaluation

(4)

In-vehicle security evaluation innovations
VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit

Automates in-vehicle security evaluation process. Makes possible high-quality security evaluation even for users without security expertise.

• Please refer to the supplementary explanation below this appendix.

Production

(A)-1

Manufacturing security
Security innovations for industrial control systems

Detects and analyzes cyber attacks on network equipment in factories.
Provided by: Panasonic Solution Technologies Co., Ltd.
In cooperation with: Panasonic Holdings Corporation

 

(A)-2

Manufacturing security
Key management system

The company’s own key management system allows for fully in-house key management including issue, management, and operation of keys.
In cooperation with: Panasonic Holdings Corporation

 

Operation
Post- shipment

(5)

Security monitoring innovations for shipped vehicles
VERZEUSE™ for SIEM in SOC (Security Operation Center)

Detects cyber attacks on shipped cars and monitors them with Vehicle Security Operation Center (Vehicle SOC).
In cooperation with: Panasonic Holdings Corporation

• Press release*8 on March 23, 2021

(6)

Vulnerability analysis innovations for shipped vehicles
VERZEUSE™ for SIRT

Automates risk analysis of software vulnerabilities in shipped vehicles. Calculates possible cyber attack routes and impacts with our proprietary analysis algorithm.
In cooperation with: Panasonic Holdings Corporation

• Press release*9 on September 9, 2024

Supplementary explanation

VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit: Enabling high-quality, efficient security evaluation by users without security expertise.

image: VERZEUSE(TM) for Threat Evaluation and Security Test Assistance toolkit

This innovative toolkit allows users to efficiently carry out high-quality threat evaluation and security testing, which previously has been often performed manually during the evaluation phase, even without security expertise.
The procedures and standards for conducting various security evaluations, such as fuzz testing*10, vulnerability testing, and penetration testing*11, can be comprehensively defined with this toolkit. The defined procedures and standards can be flexibly customized according to evaluation items required for in-vehicle ECU development. In addition, its automated evaluation tool allows for efficient vulnerability assessment.

*1 EdgeTech+ 2024 https://www.jasa.or.jp/expo/english/
*2 In Japan, it applies only to vehicles supporting OTA (Over The Air: a process of updating and changing the software of devices such as smartphones and cars using wireless communication such as data communication).
*3 When the company analyzed its navigation system (220 resources, 1250 threat scenarios, and 3230 countermeasure requirements), it reduced the workload from 30 to 3 person-months
*4 October 24, 2024, Development of ISO/SAE 21434 compliant threat analysis innovations: VERZEUSE™ for TARA. https://news.panasonic.com/global/press/en241024-4
*5 ST-CSP-18: Requirements Definitions Document for In-vehicle Security Functions Using Software Isolation Technology Ver.1.01 (JASPAR(Japan Automotive Software Platform and Architecture), 2023).
*6 January 16, 2023, Virtualization Security Solution Developing VERZEUSE™ for Virtualization Extensions: Contributing to the Cybersecurity of Next-generation Cockpit Systems https://news.panasonic.com/global/press/en230116-2
*7 December 11, 2023, Cyber Security Robustness Innovations, Developed VERZEUSE™ for Runtime Integrity Checker, Strengthen In-Vehicle Cyber Security Measures https://news.panasonic.com/global/press/en231211-2
*8 March 23, 2021, Panasonic and McAfee agree to jointly start building Vehicle SOC for commercialization of Vehicle Security Monitoring Services https://news.panasonic.com/global/press/en210323-2
*9 September 9, 2024, Development of Vulnerability Analysis Innovations, VERZEUSE™ for SIRT https://news.panasonic.com/global/press/en240909-4
*10 Fuzzing test: A software testing technique that injects invalid, unexpected, or random data called fuzz into a target product or system to intentionally cause exceptions and detect potential bugs and vulnerabilities.
*11 Penetration test: A testing technique that checks for vulnerabilities of computer system connected to a network with hacking attempts using known technologies. It is also called pentest or intrusion testing.

About VERZEUSE™

Panasonic Automotive Systems Co., Ltd. markets VERZEUSE™ (https://automotive.panasonic.com/en/technology/cyber-security)*12 cybersecurity technology and services globally. Engineers at Panasonic Automotive Systems who worked together in the development of security technologies in various Panasonic Group products, including TVs, recorders, mobile phones, smartphones, payment terminals, and semiconductors, have turned their expertise toward developing cyber security technologies since 2014, drawing on their individual strengths to apply these technologies to automotive products. Panasonic Automotive Systems helps to ensure the safety and security of automated driving functions and network services to benefit society with technologies underpinned by a wealth of knowledge and experience.

*12 VERZEUSE™ was coined by combining the Spanish word “ver” meaning “look” and the god Zeus. The name is meant to inspire the feeling of a protective god of the sky watching over the safety of society.

Media Contact:

Corporate Communications Office, Corporate Planning Center, Panasonic Automotive Systems Co., Ltd.
e-mail: press-pas@ml.jp.panasonic.com

About Panasonic Automotive Systems Co., Ltd.

Panasonic Automotive Systems Co., Ltd. (https://automotive.panasonic.com/en) was launched on April 1, 2022, as a business company responsible for the automotive business in line with the start of the Panasonic Group’s business company system. We are a global company with operations in 22 countries and regions, approximately 30,000 employees, and sales of approximately 1,491.9 billion yen (fiscal 2023 results). As a Tier 1 company, we provide advanced technologies unique to Panasonic, such as infotainment systems, to automakers in Japan and overseas, contributing to the creation of comfortable, safe, and secure automobiles. Our corporate vision is to be the “Joy in Motion” Design Company, and we are committed to meeting the expectations of our customers around the world with technology that stands by people. To learn more about our company, please visit: https://automotive.panasonic.com/en

The content in this website is accurate at the time of publication but may be subject to change without notice.
Please note therefore that these documents may not always contain the most up-to-date information.
Please note that German, French and Chinese versions are machine translations, so the quality and accuracy may vary.

Issued:
Panasonic Automotive Systems Co., Ltd.

Downloads (Images)

Featured news