System-Level Cybersecurity Requirements
A system-level cybersecurity requirements set focused on cryptography, structured along the lifecycle Planning → Development → End-of-Line (Production) → Operation → End-of-Life. The requirements are written in a formal "shall" style, suitable for ISO/SAE 21434 compliance, system requirements specifications, and OEM/Tier-1 contracts.

Normative Context
Derived in alignment with:
ISO/SAE 21434
UNECE UN R155
STRIDE → Cybersecurity Properties (CIAAA+NR: Confidentiality, Integrity, Availability, Authentication, Authorization, plus Non-Repudiation)
System-Level Cryptography Cybersecurity Requirements
1. Planning / Concept Phase
(Item Definition, TARA, Cybersecurity Goals)
Integrity Requirements
CR-P-INT-01 The system shall define cryptographic integrity protection mechanisms for all safety- and security-relevant software and data identified in the TARA.
CR-P-INT-02 The system shall ensure software authenticity and integrity through cryptographic verification before execution.
Confidentiality Requirements
CR-P-CONF-01 The system shall identify all confidential assets (keys, firmware, personal data) requiring cryptographic protection.
CR-P-CONF-02 The system shall define confidentiality protection needs for in-vehicle, diagnostic, and backend communication channels.
Authentication & Authorization
CR-P-AUTH-01 The system shall require cryptographic authentication for all external entities interacting with the ECU.
CR-P-AUTHZ-01 The system shall define cryptographic authorization levels for diagnostics, flashing, and configuration.
Non-Repudiation
CR-P-NR-01 The system shall support cryptographic evidence for software origin and update provenance.
Availability
CR-P-AVL-01 The system shall ensure cryptographic mechanisms do not cause denial-of-service under defined operating conditions.
2. System & Architecture Design Phase
Integrity
CR-A-INT-01 The system shall implement a cryptographic secure boot chain of trust from immutable root to application software.
CR-A-INT-02 The system shall protect firmware, calibration, and configuration data against unauthorized modification using cryptographic integrity checks.
Confidentiality
CR-A-CONF-01 The system shall protect cryptographic keys using hardware-backed secure storage.
CR-A-CONF-02 The system shall encrypt sensitive data at rest and in transit where confidentiality is required by TARA.
Authentication
CR-A-AUTH-01 The system shall use cryptographic identities (keys or certificates) to uniquely authenticate the ECU.
Authorization
CR-A-AUTHZ-01 The system shall enforce cryptographic authorization before allowing diagnostics, flashing, or secure services.
Cryptographic Governance
CR-A-GOV-01 The system shall use only OEM-approved cryptographic algorithms, key lengths, and modes.
3. Detailed Design & Implementation Phase
Integrity
CR-I-INT-01 The system shall verify cryptographic signatures of all executable software before execution.
CR-I-INT-02 The system shall detect and block rollback attempts using cryptographic version protection.
Confidentiality
CR-I-CONF-01 The system shall ensure cryptographic keys never leave the secure boundary in plaintext.
CR-I-CONF-02 The system shall prevent hard-coded or shared secrets across ECUs unless explicitly approved.
Authentication & Authorization
CR-I-AUTH-01 The system shall implement cryptographic challenge-response mechanisms for secure diagnostics.
CR-I-AUTHZ-01 The system shall cryptographically bind authorization rights to authenticated identities.
Availability
CR-I-AVL-01 The system shall handle cryptographic failures securely without blocking vehicle-critical functions.
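An added example (not from the original requirement set) of the verify-before-execute and anti-rollback checks in CR-I-INT-01 and CR-I-INT-02, which are the same checks a field update must pass under CR-O-INT-01, in Python: a minimal image format with a header, payload and trailing authentication tag is verified before any header field is trusted, and the authenticated version is then compared against a monotonic installed-version counter. The image layout, the 32-byte key and the version values are constructed for the example, and HMAC-SHA256 stands in for the asymmetric signature a real secure-boot chain would use (the ECU would then hold only a public key).

```python
import hashlib
import hmac
import struct

# Constructed image layout: magic | version (u32) | payload length (u32) | payload | tag
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32


def build_image(key, version, payload):
    """Signer side (build server / OEM backend): header + payload, then a tag over both."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class UpdateVerifier:
    def __init__(self, key, installed_version):
        self._key = key
        # Monotonic anti-rollback counter; on hardware this is a fuse or
        # protected NVM cell that only ever increases (CR-I-INT-02).
        self.installed_version = installed_version

    def verify(self, image):
        """Return a verdict string; nothing in the image is trusted before the tag checks."""
        if len(image) < HEADER.size + TAG_LEN:
            return "REJECT_MALFORMED"
        body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "REJECT_BAD_SIGNATURE"
        # Only now are the header fields authenticated and safe to interpret.
        magic, version, length = HEADER.unpack_from(body)
        if magic != MAGIC or length != len(body) - HEADER.size:
            return "REJECT_MALFORMED"
        # Anti-rollback: an older (or identical) authenticated version is still refused.
        if version <= self.installed_version:
            return "REJECT_ROLLBACK"
        return "ACCEPT"

    def install(self, image):
        """Advance the rollback counter only after a full ACCEPT verdict."""
        verdict = self.verify(image)
        if verdict == "ACCEPT":
            _, version, _ = HEADER.unpack_from(image)
            self.installed_version = version
        return verdict
```

The tag is checked over the whole body before the version field is parsed, so an unauthenticated header can never influence the rollback decision; the counter advances only on a successful install, and an image carrying the currently installed version is refused as well, which is a deliberate choice here (a recovery flow that re-installs the same version would need an explicit, authenticated exception).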
4. Integration, Verification & Validation Phase
Integrity Verification
CR-V-INT-01 The system shall be verified to reject unsigned or tampered software.
CR-V-INT-02 The system shall demonstrate resistance to replay and injection attacks.
Confidentiality Verification
CR-V-CONF-01 The system shall verify that encrypted communication cannot be decrypted by unauthorized entities.
Authentication & Authorization Verification
CR-V-AUTH-01 The system shall reject unauthenticated diagnostic and flashing attempts.
Evidence
CR-V-EVID-01 The system shall provide test evidence demonstrating correct cryptographic behavior.
5. Production & End-of-Line (Manufacturing)
Integrity
CR-M-INT-01 The system shall provision ECU-unique cryptographic identities during production.
Confidentiality
CR-M-CONF-01 The system shall perform cryptographic key injection in a secured manufacturing environment.
CR-M-CONF-02 The system shall prevent exposure of production keys to operators or test equipment.
Authentication
CR-M-AUTH-01 The system shall ensure manufacturing access is cryptographically authenticated and logged.
6. Operation & Maintenance (Vehicle in Field)
Integrity
CR-O-INT-01 The system shall cryptographically verify all software updates before installation.
Confidentiality
CR-O-CONF-01 The system shall maintain confidentiality of in-field communications with backend and diagnostic tools.
Authentication & Authorization
CR-O-AUTH-01 The system shall authenticate backend services and diagnostic tools cryptographically.
CR-O-AUTHZ-01 The system shall support revocation of cryptographic credentials in case of compromise.
Availability
CR-O-AVL-01 The system shall allow cryptographic updates without requiring ECU replacement, where feasible.
7. End-of-Life (Vehicle & ECU Decommissioning)
Integrity & Confidentiality
CR-EOL-INT-01 The system shall prevent execution of unauthorized software after end-of-life.
CR-EOL-CONF-01 The system shall invalidate or erase cryptographic material according to OEM EOL policy.
Authentication & Authorization
CR-EOL-AUTH-01 The system shall revoke ECU certificates and backend access at end-of-life.
Compliance
CR-EOL-COMP-01 The system shall provide evidence of cryptographic decommissioning to support UN R155 CSMS compliance.
Quick Property Coverage Matrix
Property          Phases covered
Integrity         Planning → EOL
Confidentiality   Architecture → EOL
Authentication    Planning → EOL
Authorization     Architecture → EOL
Availability      Design → Operation
Non-Repudiation   Planning → Operation