XGuard Onboard Security

Multi-Layer Security for Automotive Systems

Karamba Security’s XGuard Onboard Security is part of the XGuard Suite that offers a comprehensive set of tools for the teams responsible for development, maintenance and cybersecurity of automotive systems including ECUs and the networks that connect them.

Addressing industry regulations and standards, such as UN R155 and ISO/SAE 21434, XGuard Onboard Security provides underlying security enablers and a set of controls needed to protect automotive systems and communication.

Modules include Secure Boot, HSM utilization, cryptographic libraries, secure storage and AUTOSAR SecOC, designed to provide a strong security posture for individual devices and for deployed automotive fleets.

XGuard Onboard Security Elements

The figure below lists mitigations recommended or required in Annex 5 of the UN R155 regulation. The Onboard Security modules have been designed to function in compliance with this regulation and with the automotive cybersecurity management requirements of the ISO/SAE 21434 standard.

XGuard OBS Controls and Enablers

XGuard Onboard Security Enablers

The enablers form the foundation layer of XGuard Onboard Security. The main modules, which contain libraries and other files used to develop the mandated cybersecurity controls, cover cryptographic functions, secure storage, and secure logging.

Cryptography

Cryptographic Module

Features and functions include key management and a hardware abstraction layer.

Key Management: The key management service enables creating and managing certificates and symmetric keys. It is easily adapted to new boards, via a hardware abstraction layer and system-specific crypto drivers. Basic cryptographic services are offered, such as AES, CMAC, Hashing, Key Derivation, TRNG, and PRNG, as well as RSA digital signature algorithms.

APIs: This module provides AUTOSAR compliant crypto APIs via the Crypto Service Manager, such as:

  • Hash functions
  • MAC calculations
  • CRC calculations
  • Random number generation

It uses the hardware capabilities available on each individual board architecture.

Secure Storage

Secure persistent storage enables the storing of sensitive data such as:

  • keys
  • certificates
  • privacy-related data
  • application configuration parameters
  • calibration data
  • authentication information

Hardware-based secure storage is used by XGuard when available.

Logging

Secure Logging

  • Manages security event collection and storage
  • Provides standard structure and format
  • Ensures integrity and authenticity

XGuard Onboard Security Controls

Secure Boot

Karamba provides guidelines and support for implementing and configuring secure boot.

Secure Flashing

For the required data-protection safeguards, XGuard Onboard provides signature validation functionality, as well as secure storage of firmware-update images.

Authentication

UDS Authentication and Authorization

Options for the authentication mechanism include Seed & Key exchange and certificate-based authentication.

Communication

Secure Onboard Communication (SecOC)

XGuard SecOC ensures message authenticity, integrity and freshness for in-vehicle communication. This control complies with the AUTOSAR Secure Onboard Communication protocol standard.
