Expanding automotive cyber security innovations with VERZEUSE™ series

Yokohama, Japan, October 24, 2024 - Panasonic Automotive Systems Co., Ltd. has further expanded its series of VERZEUSE™, automotive cyber security innovations, to accommodate the security needs in each phase (design, implementation, evaluation, production, and operation) of the entire vehicle lifecycle, from the development to operation (after vehicle shipment).

This expansion offers efficiency and high quality standardization for security measures throughout the entire vehicle lifecycle by introducing tools to automate cyber security work which has been often performed manually, and to link input and output information in each phase.
VERZEUSE™ for Virtualization Extensions Type-3, a containerized virtualization security innovation to combat cyber attacks on in-vehicle software, has been evaluated highly by car manufacturers as a unique innovation, and has been newly adopted for in-vehicle deployment.

This newly announced system in the VERZEUSE™ series will be exhibited at EdgeTech+ 2024*¹ to be held from November 20 to 22, 2024.

In recent years, the risk of security threats, including cyber attacks targeting cars, has constantly been on the rise alongside the evolution of software-defined vehicles (SDVs) whose functions are enhanced with software and the increase in the number of vehicles connected to networks, known as connected cars. In January 2021, UN Regulation UN-R155 has come into effect, and it has been applied to new vehicles*² in Japan and Europe since July 2022. In order to comply with UN-R155, there is an urgent need to establish a cyber security system in accordance with ISO/SAE 21434.

In this environment, the company foresees future demand for implementation of even more comprehensive security measures in each phase of vehicle lifecycle from development to shipment (design, implementation, evaluation, production, and operation) and streamlining of the enormous amount of work needed for vulnerability countermeasures.

The VERZEUSE™ series provides innovative systems for each phase of the entire vehicle lifecycle (design, implementation, evaluation, production, and operation) from development to shipment. The input and output information of each phase can be linked through the Panasonic Group’s database of Threat Intelligence which collects threat information from various industries such as factory automation, home appliances, and IoT devices.

For example, the analysis result information output from the design phase (1) VERZEUSE™ for TARA is referenced as input information in the evaluation phase (4) VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit and the post-shipment phase (6) VERZEUSE™ for SIRT. Likewise, the vulnerability assessment results output from the evaluation phase (4) VERZEUSE™ for Threat Evaluation and Security Test Assistance toolkit is referenced as input information in the post-shipment phase (5) VERZEUSE™ for SIRT.

This linkage between phases not only further streamlines security measures, but also helps to consistently manage security information throughout the entire vehicle lifecycle and to maintain security risk management to a high standard.

During the early stages of vehicle development, even developers who are not security experts can simply answer a few questionnaires to determine countermeasure requirements based on the characteristics of in-vehicle devices from Panasonic Automotive Systems’ Threat Intelligence, which collates threats, vulnerabilities, and security controls.

This innovative system has been applied to more than 80 of the company’s in-vehicle products. For example, compared to the conventional manual process of threat analysis, this system has been proven to reduce workload by up to 90%*³ for large-scale products such as navigation systems. Car manufacturers that have used the system have highly evaluated its usefulness, and we have been commissioned to provide multiple consulting projects for risk assessment. For details, please refer to the press release*⁴.

This in-vehicle software innovation meets the security requirements*⁵ of next-generation cockpit systems that utilize a virtualization environment and monitors the communication between the software area which has a high risk of being targeted by attackers via the external network connection (e.g. externally connected virtual machine) and the software area which implements essential functions of the vehicle controls and software update functions (e.g., cluster containers). The monitoring function placed in an isolated container can check communications from the secure area to block abnormal communications, protecting critical functions of the vehicle from attacks and improving vehicle safety.

It is also possible to import optional monitoring function as a plug-in via the security interface. The plug-in management function enables to select the appropriate monitoring function according to the characteristics of the communication. Since there is no need to change the application side when importing, this in-vehicle software can be introduced at low cost, and car manufacturers have decided to adopt it for in-vehicle deployment.

This innovative toolkit allows users to efficiently carry out high-quality threat evaluation and security testing, which previously has been often performed manually during the evaluation phase, even without security expertise.
The procedures and standards for conducting various security evaluations, such as fuzz testing*¹⁰, vulnerability testing, and penetration testing*¹¹, can be comprehensively defined with this toolkit. The defined procedures and standards can be flexibly customized according to evaluation items required for in-vehicle ECU development. In addition, its automated evaluation tool allows for efficient vulnerability assessment.

*1 EdgeTech+ 2024 https://www.jasa.or.jp/expo/english/
*2 In Japan, it applies only to vehicles supporting OTA (Over The Air: a process of updating and changing the software of devices such as smartphones and cars using wireless communication such as data communication).
*3 When the company analyzed its navigation system (220 resources, 1250 threat scenarios, and 3230 countermeasure requirements), it reduced the workload from 30 to 3 person-months
*4 October 24, 2024, Development of ISO/SAE 21434 compliant threat analysis innovations: VERZEUSE™ for TARA. https://news.panasonic.com/global/press/en241024-4
*5 ST-CSP-18: Requirements Definitions Document for In-vehicle Security Functions Using Software Isolation Technology Ver.1.01 (JASPAR(Japan Automotive Software Platform and Architecture), 2023).
*6 January 16, 2023, Virtualization Security Solution Developing VERZEUSE™ for Virtualization Extensions: Contributing to the Cybersecurity of Next-generation Cockpit Systems https://news.panasonic.com/global/press/en230116-2
*7 December 11, 2023, Cyber Security Robustness Innovations, Developed VERZEUSE™ for Runtime Integrity Checker, Strengthen In-Vehicle Cyber Security Measures https://news.panasonic.com/global/press/en231211-2
*8 March 23, 2021, Panasonic and McAfee agree to jointly start building Vehicle SOC for commercialization of Vehicle Security Monitoring Services https://news.panasonic.com/global/press/en210323-2
*9 September 9, 2024, Development of Vulnerability Analysis Innovations, VERZEUSE™ for SIRT https://news.panasonic.com/global/press/en240909-4
*10 Fuzzing test: A software testing technique that injects invalid, unexpected, or random data called fuzz into a target product or system to intentionally cause exceptions and detect potential bugs and vulnerabilities.
*11 Penetration test: A testing technique that checks for vulnerabilities of computer system connected to a network with hacking attempts using known technologies. It is also called pentest or intrusion testing.

*12 VERZEUSE™ was coined by combining the Spanish word “ver” meaning “look” and the god Zeus. The name is meant to inspire the feeling of a protective god of the sky watching over the safety of society.

Corporate Communications Office, Corporate Planning Center, Panasonic Automotive Systems Co., Ltd.
e-mail: press-pas@ml.jp.panasonic.com