Case Study

Crypto Stack Integration for BMS

Customer(EU):

Global TIER-1 focused on reliable automotive systems and components in the field of exhaust gas purification, thermal management, and automotive controls.

End customer – Mercedes Benz

Challenges

As vehicles become more connected and autonomous, ensuring the security and integrity of data and communications becomes crucial.

Integrate the CRYPTO Stack and HSM into existing ECU architecture within short timeframe (4 months)
Ensure automotive‐grade security and compliance with relevant standards
Maintain performance, reliability and compatibility with existing BMS system
Complex coordination between firmware, hardware security module (HSM) vendor, and OEM security requirements, leading to tight integration dependencies.
Limited access to production hardware during early development phases, which delayed full validation of the crypto stack under real BMS conditions.
High testing and certification overhead, as every cryptographic function had to meet automotive cybersecurity standards (e.g., ISO 21434).

Solutions



Configured the hardware security module (HSM) and crypto stack to be fully compatible with the target ECU microcontroller and the whole Battery Management System ECU



Integrated secure boot and key management services to ensure trusted software execution and secure firmware updates.



Developed cryptographic communication modules (e.g., Secure Onboard Communication – SecOC) to protect in-vehicle data exchange.



Implemented end-to-end encryption and authentication layers for CAN and diagnostic communication.



Delivered the first functionality (Secure Diagnostics) in 4 months



Feature complete in 12 months

Key Impact



Achieved secure ECU deployment within 4 months, meeting the OEM’s cybersecurity and delivery milestones.



Enhanced system resilience through hardware-based key protection and secure boot validation.



Enabled compliance with ISO 21434 automotive cybersecurity standard.



Improved maintainability and scalability of the ECU firmware by modularizing cryptographic components for future OTA updates.

Applied Methodology



Agile-V Hybrid Approach: Combined Agile sprints for software module integration with the traditional V-Model used in automotive development.



Iterative Security Integration: Introduced cryptographic and HSM components incrementally, validating each milestone through integration and regression testing.



Hardware-in-the-Loop (HiL) Validation: Used HiL setups to simulate ECU-level conditions and verify crypto stack stability under real-time constraints.



Continuous Verification: Embedded automated unit and integration tests into the CI/CD pipeline to ensure compliance with security and performance KPIs.



Cross-Functional Collaboration: Maintained close alignment between software, hardware, and cybersecurity teams, supported by weekly OEM technical reviews.

Tasks / Responsibilities



Integration



Configuration



Code implementation (Embedded C)



Secure Boot



Secure Diagnostics



Secure Communication



Secure Authentication

Toolchain / Technologies



DaVinci Configurator



DaVinci Developer



Tasking



AUTOSAR



Lauterbach Trace32



CANoE



CANdela



Infineon Aurix TC37X

Team Composition



2 Crypto experts



1 System engineer



2 QAs

First Delivery

Feature Complete

%

Customer Satisfaction

Helping OEMs Grow with Technology

By driving innovation, enhancing operational efficiency, fostering long-term partnerships, and providing training and education, CONCEPTHYPE makes a significant impact on OEMs’ success.