• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Microcontroller Tips

Microcontroller engineering resources, new microcontroller products and electronics engineering news

  • Products
    • 8-bit
    • 16-bit
    • 32-bit
    • 64-bit
  • Applications
    • 5G
    • Automotive
    • Connectivity
    • Consumer Electronics
    • EV Engineering
    • Industrial
    • IoT
    • Medical
    • Security
    • Telecommunications
    • Wearables
    • Wireless
  • Learn
    • eBooks / Tech Tips
    • EE Training Days
    • FAQs
    • Learning Center
    • Tech Toolboxes
    • Webinars/Digital Events
  • Resources
    • Design Guide Library
    • DesignFast
    • LEAP Awards
    • Podcasts
    • White Papers
  • Videos
    • EE Videos & Interviews
    • Teardown Videos
  • EE Forums
    • EDABoard.com
    • Electro-Tech-Online.com
  • Engineering Training Days
  • Advertise
  • Subscribe

Cybersecurity testing in 5G automotive designs

July 30, 2020 By Lee Teschler Leave a Comment

Special instrumentation can help bullet-proof the communication equipment powering next-generation vehicles.

Craig Hendricks, Anritsu Co.
The roll-out of 5G is bringing a host of real-time Internet-of-Things (IoT) capabilities to automotive designs. Use cases such as enhanced Mobile Broadband (eMBB, high-data-rate use cases for 4G LTE and 5G NR services that allows a high data rate across a wide coverage area) and Ultra-Reliable Low Latency Communication (URLLC) are empowering autonomous vehicles, infotainment systems and security programs. They are also allowing automobiles to leverage smart cities systems (V2N). But these capabilities create a new set of design verification hurdles for engineers.

One requirement associated with emerging automotive designs utilizing 5G technologies is cybersecurity. Prevention of attacks that can create dangerous scenarios in automotive and other mission-critical applications is a new design consideration for engineers developing components and systems.

Much of this concern is due to vulnerabilities caused by the complex architecture associated with 5G. For example, instead of centralized hardware-based switching, 5G employs a software-defined network. This network employs virtualization functions that can be vulnerable from multiple points, if someone gains control of the software. Other vulnerabilities arise because of the high bandwidth and large number of devices connecting to the network.

Network slicing

The flexibility of the 5G architectural approach enables use of efficient, interoperable multi-service pipelines within the core network. These transmission paths support virtual end-to-end network services using a technique called network slicing. Network slicing allows multiple logical networks to run on top of a shared physical network infrastructure. The

network slicing
An example of 5G network slicing, courtesy of William Malik, Trend Micro. Click to enlarge.

slices occupying a single physical network are separated such that traffic and security breaches from one slice cannot interfere with another slice. Each slice has the bandwidth and quality of service (QoS) parameters necessary to support a specific service class.

Network slicing supports advanced techniques such as URLLC and eMBB, as well as the traditional mobile voice and broadband services. It also brings benefits to telematics control units (TCUs) used in autonomous vehicles. And network slicing improves other Machine-to-Machine (M2M) connections used in infrastructure services for smart cities, smart grids, and smart roadways.

Though 5G networks benefit automotive designs, the trade-off is they introduce vulnerabilities at almost every layer of the network stack. Such security risks weren’t a concern with 4G LTE. But the air interface that connects 5G UE (user equipment) with base stations potentially let cyber criminals inject malicious control signals. These malicious signals can potentially misdirect traffic, take control of vehicles, force disconnections, or induce critical system failures.

Typical test configuration for cyber-security verification.

There will be considerable 5G traffic offloaded from relatively secure carrier networks to the less secure internet. Recognizing the potential for nefarious activity, 5G network architectures integrate several security features, including security edge protection proxy at the border of the Public Land Mobile Network (PLMN, a mobile wireless network using earth-based stations rather than satellites), enhanced privacy for the Subscription Permanent Identifier (SUPI, a string of decimal digits representing the Mobile Country Code and Mobile Network Code identifying the network operator), and a unified authentication framework that includes the Security Anchor Function (SEAF decides whether UE is authentic via what’s called an anchor key). To design secure UE, engineers must use components, software, and design practices that ensure compatibility and compliance with ABBA (basically a parameter signifying which security features are enabled), SEAF, and other security mechanisms defined in 3GPP TS 33.501.

Also vital to protect automotive systems is testing to ensure the UE complies with 5G network security mechanisms. Engineers must have a high degree of confidence that their products can resist compromise or corruption. Many UE manufacturers employ a Practical Security Testing process to ensure product performance.

tcu testing
An efficient test environment to verify automotive TCU using a 5G and 4G Internet connection. Using network simulators, the TCU can receive multiple IP addresses for various IP connections using numerous APNs that can include IMS servers (for VoLTE/VoNR), T-put server for testing maximum IP throughput, and an internet gateway.

Practical Security Testing uses a network simulator such as a signaling tester or wireless communications test set. These tools serve as a base station to connect with the UE and a testing server that exercises the device using commercial or proprietary software. Functional security measurements are one of a series of tests necessary to verify the UE performs according to specification.

Similar to the general functional testing performed during design verification, testing for 5G automotive systems also focuses on security functions. Here, a network simulator typically exercises the UE with sequences created by a lab or a production server.

A powerful new generation of test and simulation equipment has been developed to address the specific security concerns associated with automotive designs. These systems can efficiently verify compliance with 3GPP by connecting with actual service servers. This lets comprehensive testing take place without the influence of an RF channel, as well as under specific network conditions. This approach can also reproduce bugs and cyber-attacks common in the field while the UE sits in the lab.

Efficient cyber-security testing requires flexible hardware with application-specific software. For example, mobility testing for E-UTRAN New Radio – Dual Connectivity (EN-DC is a way of enabling 5G services and data rates in a predominantly 4G network. UEs supporting EN-DC can connect simultaneously to LTE master nodes and 5G-NR secondary nodes.) Using this application-specific software, EN-DC mobility testing can take place without the need to create complicated scenarios. It simplifies the testing process while providing the flexibility for future tests as standards evolve.

Software is available to handle specific tests and levels of complexity. Dedicated software packages can let the base station emulator create an interactive test environment without complicated test scripts. They can support multi-system simulation of common actions such as, to name a few, cell selection/reselection, roaming, SRVCC (Single Radio Voice Call Continuity, a way of handing over VoLTE (Voice over LTE) to 2G/3G networks. VoLTE uses LTE channels for phone calls rather than low-bandwidth voice channels), and EPS fallback (lets phones use the 5G core with NR, but the radio access network may trigger moving the phone to an internet service during call establishment). Such a system makes it possible to efficiently create a real-world environment to test UE for key functions for IMS (IP Multimedia Core Network Subsystem, a framework for delivering IP multimedia services) such as VoLTE , VoNR (Voice over 5G NR), data communications, and messaging. All these tests can take place without forcing the operator to have an extensive understanding of the network protocol.

Script software is available that lets users create their own test cases. Engineers must have a deep knowledge of the protocol to write these low-level scripts. For example, users must write test scripts using a ladder sequence with an IMS protocol scripting option. The benefits of this more complex approach include a higher level of flexibility and scalability.

There is also software available to capture IMS call flows from a live network and a tool to convert that data into a script, removing the need for the deep knowledge of the IMS protocol. This approach also allows testing IMS functions using carrier-specific IMS implementations.

Script software also gives engineers the ability to:

  • Check user-specific abnormal tests and protocol checks at any message level
  • Conduct call processing of LTE for IMS development and evaluation
  • Test STIR/SHAKEN (Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs, a framework for ensuring the authenticity of a given call) to prevent VoIP call spoofing from spammers
  • Have flexible support for evolving 5G core specification, such as Voice over NR (VoNR)

Dedicated software and network emulators verify the requirements of 5G use cases. For example, it’s more important to verify maximum throughput in eMBB on a 5G UE than on a 4G LTE device. Necessary tests include IP throughput performance and TCP/UDP/FTP. Tests must also support Carrier Aggregation (CA) with 2×2 or 4×4 multiple-input-multiple-output (MIMO) with up to 256QAM.

Engineers must also quantify power consumption and heat levels at maximum throughput to satisfy 3GPP standards. Software supports detailed settings related to the base station, packets communication state, UE Tx RF output, and power consumption.

Other functional tests for compliance include stress tests of the CPU and software at maximum throughput and tests of a device that supports dual SIM dual active (DSDA, where two SIM cards are constantly active). An example test would measure the UE as it simultaneously conducts 1,000 SMS messages, VoLTE, video streaming, and downloading a large file to measure how robust the software is and test for stack overflows.

Also critical for automotive designs is reject testing to see how a TCU responds in abnormal conditions and to duplicate field issues. There are three types of reject testing that can be preformed:

Cellular Signaling Message Reject – An example would be an attach reject with a specified reject cause code, and reject for a certain amount of time, a certain number of re-tries or on a certain cell.

IMS Message Reject – This is for testing abnormal situations with the IMS protocol to see how the TCU software responds.

APN Reject – For rejecting the connection when the TCU requests a certain APN name. (Access Point Name or APN is the name for the settings a phone reads to set up a connection to the gateway between the carrier’s cellular network and the public internet.)

All in all, new hardware and software help create economical test environments that emulate real-world scenarios to verify designs and ensure systems comply with 3GPP security standards.

You may also like:

  • RTI
    Open-source autonomous driving platform gets more industry support
  • LPWAN
    Who is winning the LPWAN race? Part 2
  • HMI design
    Starting an HMI design? Here are four things to watch
  • secure IoT
    Billions of reasons to build a trusted safe and secure…

Filed Under: 5G, Applications, Automotive, FAQ, Featured, Security Tagged With: anritsu, FAQ

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Featured Contributions

Five challenges for developing next-generation ADAS and autonomous vehicles

Securing IoT devices against quantum computing risks

RISC-V implementation strategies for certification of safety-critical systems

What’s new with Matter: how Matter 1.4 is reshaping interoperability and energy management

Edge AI: Revolutionizing real-time data processing and automation

More Featured Contributions

EE TECH TOOLBOX

“ee
Tech Toolbox: Internet of Things
Explore practical strategies for minimizing attack surfaces, managing memory efficiently, and securing firmware. Download now to ensure your IoT implementations remain secure, efficient, and future-ready.

EE Learning Center

EE Learning Center

EE ENGINEERING TRAINING DAYS

engineering
“bills
“microcontroller
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest info on technologies, tools and strategies for EE professionals.

RSS Current EDABoard.com discussions

  • What is the purpose of the diode from gate to GND in normal Colpitts oscillator Circuits?
  • How can I get the frequency please help!
  • 12VAC to 12VDC 5A on 250ft 12AWG
  • ILI9163 LCD driver
  • Elektronik devre

RSS Current Electro-Tech-Online.com Discussions

  • 100uF bypass Caps?
  • Fuel Auto Shutoff
  • Actin group needed for effective PCB software tutorials
  • how to work on pcbs that are thick
  • compatible eth ports for laptop

DesignFast

Design Fast Logo
Component Selection Made Simple.

Try it Today
design fast globle

Footer

Microcontroller Tips

EE World Online Network

  • 5G Technology World
  • EE World Online
  • Engineers Garage
  • Analog IC Tips
  • Battery Power Tips
  • Connector Tips
  • DesignFast
  • EDA Board Forums
  • Electro Tech Online Forums
  • EV Engineering
  • Power Electronic Tips
  • Sensor Tips
  • Test and Measurement Tips

Microcontroller Tips

  • Subscribe to our newsletter
  • Advertise with us
  • Contact us
  • About us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy