CycurIDS

CycurIDS
Embedded intrusion detection for CAN and Ethernet networks

As connectivity increases, new openings emerge for cyberattacks. Consequently, UNECE regulations require that OEMs and fleet operators provide effective security risk management for vehicles throughout their life cycle. One of the key elements for achieving this is attack detection via intrusion detection systems (IDS) in the vehicle. But how can reliable monitoring of on-board network communication via IDS still be guaranteed in the future, even under the increased requirements of Ethernet-based E/E architectures?

With its CycurIDS intrusion detection system, which is available as CycurIDS-CAN for CAN/CAN-FD networks and CycurIDS-ETH for Ethernet networks, ESCRYPT is offering a solution that is tailored-made for vehicle electronics and the increased requirements of connectivity. The IDS manager CycurIDS-M and the IDS reporter CycurIDS-R complete the offer towards a distributed In-vehicle intrusion detection system.

IDS Sensors - identiy security incidents on host and network level, In-vehicle distributed IDS - Collects security incidents, performs pre-analysis and communicates with the backend, Vehicle SOC - Team of security experts analyzes security events and decides about countermeasures, ESCRYPT Products - CyrusIDS & CycurGATE function as smart IDS Sensors, detecting anomalies on CAN and automotive

An immune system for vehicles

The main task of an IDS is to identify attacks on the vehicle and report them to a vehicle security operations center (VSOC), from where appropriate countermeasures can be initiated. To fulfill this task, a distributed IDS in the vehicle comprises several components: IDS sensors (CycurIDS-CAN & CycurIDS-ETH), IDS manager (CycurIDS-M), and an IDS reporter (CycurIDS-R). The in-vehicle components and the V-SOC forms the IDPS solution, which enables manufacturers and fleet operators to establish a life cycle of continuous security improvements.

Security guard for electrical system communications

CycurIDS is a ready-to-use software solution to enable in-vehicle intrusion detection for current and Ethernet based E/E architectures.
CycurIDS can be seamlessly integrated into today’s ECUs and on all standard embedded platforms.
CycurIDS helps fulfill future legal and regulatory requirements.

CycurIDS is a whitebox security solution – customers receive their individual configuration tool.
CycurIDS is deeply embedded, performance optimized and deterministic.
ESCRYPT provides the complete continuous protection ecosystem, including configuration trainings, field application engineers as well as vehicle SOC service.

More details

CycurIDS-CAN product features

Monitoring of forwarded CAN traffic & detection of potential attacks (anomalies)
Configuration GUI provided automatic rule generation and simulation
Reporting and logging of anomalies, either locally or to Vehicle SOC
Heuristic and signature-based detection on ECU
CycurIDS-CAN is fully interoperable with the IDS manager concept and can be incorporated as a “smart sensor” to detect intrusions on CAN

CycurIDS-CAN configuration

The calibration of CycurIDS-CAN is based on manufacturer-specific configuration data (DBC/ARXML) for vehicle CAN networks. This configuration is optimized and validated by running a simulation based on recorded network traffic. The result is a high detection rate coupled with a low number of false alarms.

CycurIDS-CAN examplary detection features

CycurIDS-CAN enables you to observe message frequency to detect “message injection”
CycurIDS-CAN allows to compare all messages on the busses with a whitelist to detect unspecified messages
CycurIDS-CAN detects malicious diagnostic requests while driving, e.g. detect attempts to shutdown certain ECU

CycurIDS-ETH product features

Monitoring of Ethernet traffic & detection of potential attacks (anomalies)
Configuration GUI provided automatic rule generation and simulation
Reporting and logging of anomalies, either locally or to Vehicle SOC
Heuristic and signature-based detection on ECU
Ready-to-use software solution to enable in-vehicle intrusion detection for current and future Ethernet based E/E architectures
CycurIDS-ETH can run entirely on Ethernet switch as well as uC/uP

CycurIDS-ETH configuration

The configuration of CycurIDS-ETH is based on manufacturer network description files e.g. ARXML for vehicle ethernet network. This configuration is optimized and fined tuned futher using the configuration tool GUI.

CycurIDS-ETH examplary detection features

CycurIDS-ETH offers specification based intrusion detection
CycurIDS-ETH allows anomaly based intrusion detection
CycurIDS-ETH detects malicious diagnostic requests while driving, e.g. detect attempts to shutdown certain ECU

Security strategy for the entire vehicle life cycle

Integrated intrusion detection and protection

Intrusion detection and protection calls for continuously effective, comprehensive security mechanisms. To this end, the CycurGATE embedded firewall protects vehicle ECUs and networks against all known attack patterns. In addition, ESCRYPT offers a cyber defense center backend: CycurGUARD. This evaluates notifications from IDS components, detects new attack trends, helps determine the causes of security incidents, and defines countermeasures for distribution throughout the vehicle fleet.