Crypto Agility: ECU and System Lessons Learned

2026-01-0093

04/07/2025

Abstract
Designing secure vehicle systems presents a significant cryptographic challenge due to the long operational lifespan expected of automotive products. Systems developed today must remain secure and functional for up to 20 years, covering both production cycles and warranty obligations. Over such a timeframe, advances in classical and quantum computing are likely to undermine the cryptographic algorithms currently deployed in vehicles. This creates a risk that today’s secure systems may become vulnerable in the future. While new cryptographic algorithms have been standardized to address these concerns, their recent introduction means they lack a proven track record of robustness in real-world applications. Consequently, maintaining long-term security may require updating cryptographic algorithms or transitioning to entirely new ones. This is where crypto agility, the ability to adapt cryptographic mechanisms without overhauling entire systems, becomes essential. To evaluate the feasibility and necessity of crypto agility, Stellantis conducted a series of internal paper exercises. These exercises explored the potential impact of increased computational power on current systems and assessed the agility of existing systems. Key focus areas included procedures for changing cryptographic keys and algorithms, and the implications of compromised asymmetric keys, both within vehicle ECUs and the backend systems that directly support them. For all of these scenarios, the analysis considered two broad approaches to the distribution of cryptographic material, push and pull, as well as the different functions that cryptography supports. Scenarios beyond the vehicle and its direct support infrastructure were excluded to maintain scope. The insights gained from these exercises have been generalized to remove Stellantis-specific details, making them applicable to the broader automotive cybersecurity community. These lessons aim to inform future strategies for building resilient, adaptable vehicle security systems in the face of evolving cryptographic threats.
Citation
Van Dam, Theo and Mario Barnard, "Crypto Agility: ECU and System Lessons Learned," SAE Technical Paper 2026-01-0093, 2025-, .
Additional Details
Published: Apr 7, 2025
Product Code: 2026-01-0093
Content Type: Technical Paper
Language: English