India’s automotive sector is accelerating toward a connected, electrified future, with millions of vehicles now equipped with electronic control units (ECUs), advanced driver-assistance systems (ADAS), and over-the-air (OTA) updates. However, this evolution introduces cyber vulnerabilities, from CAN bus hijacking to remote ECU manipulation. Enter AIS-189 and AIS-190—Indian Automotive Industry Standards (AIS) crafted by the Automotive Industry Standards Committee (AISC) under the Automotive Research Association of India (ARAI). These norms, aligned with UNECE R155/R156 and ISO/SAE 21434, mandate robust cybersecurity frameworks for vehicle homologation.
AIS-189 establishes a comprehensive Cyber Security Management System (CSMS) for Original Equipment Manufacturers (OEMs), requiring proactive identification, assessment, and mitigation of cyber risks across the entire vehicle lifecycle—from concept and design to decommissioning. Applicable to vehicles in categories M (passenger), N (goods), and T (agricultural), plus select L7 two-wheelers with advanced automation, it targets systems with ECUs handling critical functions. This standard doesn’t just enforce rules, it fosters a security-first culture. By embedding cybersecurity into design (e.g., via secure boot and encrypted communications), it shields against evolving threats in India’s dense traffic and smart city integrations.
Complementing AIS-189, AIS-190 focuses on the Software Update Management System (SUMS), addressing the OTA revolution powering EVs, infotainment, and autonomy. It applies to update-capable vehicles in categories M, N, T, A (mopeds), and C (tricycles), ensuring updates maintain integrity, authenticity, and traceability. Key mandates cover cryptographic signing of firmware, rollback mechanisms to safe states, and audit logs for post-update verification.
No CSMS or SUMS is viable without specialized hardware. Leading the charge are the Hardware Security Modules (HSMs) tamper-resistant chips embedded in ECUs for isolated cryptographic operations. They provide secure key storage, random number generation, and hardware-accelerated AES/ECDSA for CAN/Ethernet encryption.
Trusted Execution Environments (TEEs) create fortified processor enclaves for sensitive tasks such as OTA authentication. They isolate crypto from the rich OS, thwarting side-channel attacks. Secure Elements, including Trusted Platform Modules (TPMs) anchor root-of-trust. Secure elements offer tamper-resistant storage for cryptographic keys and sensitive data, enabling secure boot, V2X communication, digital keys, OTA updates, and in-vehicle payments. They isolate security processes from main processors, reducing risks of tampering, cloning, and remote attacks while complying with standards like ISO/SAE 21434. Automotive-grade SEs also support EV charging authentication and enhance communication in noisy environments. Automotive-specific TPMs integrate easily and provide integrity reporting by TCG standards. These deliver secure boot (verifying firmware integrity at power-on), key provisioning, and anti-cloning for ECUs. In AIS-189 TARA, they quantify risks and in AIS-190, they validate update chains.
By mandating CSMS/SUMS and hardware like HSMs, they secure 5G-V2X fleets, EV swarms, and autonomous shuttles. OEMs embracing them today lead tomorrow’s billions-dollar market. STSECURE products and solutions, from STMicroelectronics, protect privacy and assets by ensuring confidentiality, integrity, and availability to authorized requesters where and when needed. ST provides certified hardware and software solutions, enables seamless integration of security features, and specializes in cryptography and device architecture.
