
Insight: Developing a QRNG ECU for automotive security: Experience of


About the Authors and This Research

This paper represents a collaboration between industry and academia at the frontier of automotive cybersecurity hardware. Oliver Maynard, a researcher at Crypta Labs, brings hands-on engineering perspective on quantum-based entropy sources for IoT and connected vehicle applications. Co-author Nga Nguyen (h-index: 4, 187 total citations) contributes substantial academic grounding in embedded systems security and formal verification methodologies. Siraj Shaikh, a senior professor at Coventry University's Centre for Cyber Security and Privacy, has long focused on the security architecture of connected and autonomous vehicles (CAVs). Although the paper carries a relatively modest citation count of 8, the citations concentrate precisely in vehicle encryption and ECU security testing methodology—indicating specialized, depth-over-breadth impact.

For Taiwan's automotive electronics executives, the significance of this work lies not in its citation volume but in its rarity: it is among the very few early-stage studies that conducted prototype ECU security testing in an actual vehicle environment rather than a controlled laboratory setting. This methodological choice provides a credibility benchmark that many compliance frameworks—including ISO/SAE 21434—explicitly demand but seldom see fulfilled in industry practice.

QRNG ECUs: Why Entropy Quality Is a Core Automotive Cybersecurity Issue

The paper's central thesis targets a layer of automotive cybersecurity that is often invisible in threat modeling: the randomness quality of cryptographic operations within ECUs. Secure communication between vehicle ECUs—whether over CAN Bus, automotive Ethernet, or V2X channels—depends on cryptographic keys and nonces whose security strength is fundamentally tied to the unpredictability of their underlying random number sources. Conventional pseudo-random number generators (PRNGs) used in resource-constrained embedded systems carry an inherent vulnerability: if an adversary can predict or reconstruct the seed value, the entire encryption architecture collapses regardless of the algorithm's theoretical strength.

Key Finding 1: Real-World Vehicle Environments Expose Gaps That Laboratory Testing Cannot Detect

The research team designed a testing methodology specifically adapted to the QRNG ECU prototype and deployed it under actual in-vehicle conditions, including electromagnetic interference (EMC), power supply fluctuations, and temperature variation. Their findings reveal a significant discrepancy: cryptographic randomness tests that pass under controlled bench conditions can exhibit measurable performance degradation in a real vehicle's electrical environment. For Taiwan's ECU manufacturers, this carries a direct compliance implication. ISO/SAE 21434, particularly its Chapter 10 cybersecurity validation requirements, specifies that test environments must sufficiently approximate real operating conditions. A validation package built solely on bench-test results may not satisfy audit scrutiny under TISAX or UNECE WP.29 R155 Annex 5 threat category coverage assessments.

Key Finding 2: QRNG Demonstrates Advantages Over PRNG, but Integration Challenges Remain Unsolved

The paper confirms that the QRNG ECU prototype outperforms traditional PRNGs on key statistical randomness metrics, including components of the NIST randomness test suite. However, the authors are candid about unresolved engineering challenges: integrating a quantum entropy source into existing CAN Bus or automotive Ethernet architectures without compromising real-time performance remains an open problem as of the paper's publication in 2019. This intellectual honesty is precisely why the paper deserves careful reading by technical decision-makers. Rather than presenting a market-ready solution, it provides a rigorous prototype evaluation that sets the methodological standard for how automotive cryptographic hardware should be tested and documented—a standard directly applicable to ISO/SAE 21434 TARA asset documentation requirements.
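The kind of check both key findings rest on, as an added example that is not code from the paper or from this article: the frequency (monobit) and runs tests from NIST SP 800-22, applied to constructed bitstreams. The page does not say which NIST tests the authors ran; the stream models (bias, repeated bits) and all function names are assumptions made here.

```python
import math
import random

ALPHA = 0.01  # significance level recommended in NIST SP 800-22

def monobit_p(bits):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))

def runs_p(bits):
    """Runs test: does the stream switch between 0 and 1 as often as expected?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # prerequisite failed: stream too biased for the runs test
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def evaluate(bits):
    """Return {test name: (p_value, passed)} for one captured bitstream."""
    if len(bits) < 100:
        raise ValueError("SP 800-22 recommends at least 100 bits per test")
    results = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in results.items()}

# Constructed sample streams (assumed models, not measurements from the paper).
def biased_stream(n, p_one, seed=1):
    """Models a source whose 0/1 decision threshold has drifted."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_stream(n, p_repeat, seed=1):
    """Models a source whose output bit tends to repeat the previous one."""
    rng = random.Random(seed)
    bits, prev = [], 0
    for _ in range(n):
        prev = prev if rng.random() < p_repeat else 1 - prev
        bits.append(prev)
    return bits

if __name__ == "__main__":
    captures = {"bench (unbiased model)": biased_stream(20000, 0.50),
                "in-vehicle model, bias 0.55": biased_stream(20000, 0.55),
                "in-vehicle model, repeat 0.60": sticky_stream(20000, 0.60)}
    for label, bits in captures.items():
        print(label, {k: (f"{p:.3g}", ok) for k, (p, ok) in evaluate(bits).items()})
```

Passing these tests shows only that a specific statistical defect is absent; a seeded PRNG passes them too, so they complement an entropy-source assessment rather than replace it.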

Implications for Taiwan's Automotive Cybersecurity Practice

Taiwan's automotive electronics supply chain currently operates at the intersection of three converging pressures. UNECE WP.29 Regulation 155 (R155) requires OEMs to manage cybersecurity throughout the supply chain lifecycle, including at the component level. ISO/SAE 21434 mandates Threat Analysis and Risk Assessment (TARA) from the concept phase, requiring all assets—including cryptographic sub-components—to be explicitly identified and evaluated. TISAX certification has become a practical market-access prerequisite for entering European OEM supply chains, with assessment criteria that directly interrogate cryptographic management practices.

Within this context, the paper's contribution is to surface a specific, previously underspecified attack surface: the randomness quality of ECU cryptographic modules. Taiwan suppliers conducting TARA under ISO/SAE 21434 should explicitly enumerate random number generation mechanisms as independent third-tier assets, assess their failure modes under realistic electromagnetic environments, and map coverage against UNECE WP.29 R155 Annex 5 threat categories. Suppliers still relying on unvalidated PRNGs in ECUs responsible for secure communication may carry undisclosed technical vulnerabilities in their TARA documentation. Furthermore, the European Commission's March 3, 2026 draft guidance on the Cyber Resilience Act (CRA) reinforces cryptographic requirements for digitally connected products, including automotive communication modules—a development Taiwan's vehicle electronics exporters must monitor in parallel.

How Winners Consulting Services Helps Taiwan Enterprises Act on These Insights

Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) supports Taiwan's automotive supply chain in achieving TISAX certification, implementing ISO/SAE 21434 standards, and meeting UNECE WP.29 cybersecurity regulatory requirements. Based on the findings of this research, we recommend the following three-step action framework for Taiwan suppliers:

  1. Enumerate Cryptographic RNG as an Independent TARA Asset: In your existing ISO/SAE 21434 TARA process, explicitly identify ECU cryptographic modules—including their random number generation sub-components—as distinct assets. Assess their failure modes under EMC and power-fluctuation conditions, and verify coverage against UNECE WP.29 R155 Annex 5 threat categories. This initial inventory can typically be completed within 30 days as part of a gap assessment.
  2. Design Integrated Vehicle-Environment Validation Procedures for Cryptographic ECUs: Referencing the testing methodology framework presented in this paper, develop validation plans for cryptographic communication ECUs that incorporate real-vehicle electrical environment conditions—EMC interference, power supply variation, and operating temperature ranges. Ensure test documentation aligns with ISO/SAE 21434 Chapter 10 validation requirements and can be presented as supporting evidence in TISAX assessment packages.
  3. Conduct a 90-Day EU CRA Impact Assessment for Vehicle Electronics Exports: The EU CRA draft guidance published on March 3, 2026 introduces enhanced cryptographic compliance requirements for products with digital elements, including automotive communication modules. Taiwan's vehicle electronics exporters should complete a CRA readiness assessment within 90 days to identify product lines requiring cryptographic design strengthening, avoiding future market access complications.

Winners Consulting Services Co. Ltd. offers a complimentary automotive cybersecurity mechanism diagnostic, helping Taiwan enterprises build TISAX-compliant management systems within 7 to 12 months.


Frequently Asked Questions

Why is ECU cryptographic random number generation quality often overlooked in ISO/SAE 21434 TARA processes?
In practice, engineering teams conducting TARA under ISO/SAE 21434 tend to treat "encrypted communication" as a single consolidated asset, inadvertently bypassing the sub-component level where vulnerabilities like weak random number generation actually reside. This paper's real-world testing results demonstrate that PRNG predictability risks escalate measurably under actual vehicle electromagnetic conditions—a finding that standard bench testing does not capture. Taiwan suppliers should revise their TARA asset identification methodology to explicitly enumerate cryptographic RNG mechanisms as third-tier assets, assess their attack feasibility under UNECE WP.29 R155 Annex 5 threat categories, and document test evidence that reflects in-vehicle operating conditions as required by ISO/SAE 21434 Chapter 10.
What are the most common non-conformities related to cryptographic mechanisms in TISAX assessments for Taiwan suppliers?
Based on assessment practice observations, TISAX evaluations of Taiwan automotive suppliers most frequently surface three cryptographic non-conformities: first, absence of documented key management procedures that map to TISAX ISA cryptographic management control requirements; second, use of deprecated or insufficiently robust cryptographic algorithms (e.g., algorithms not meeting current AES-256 or ECDSA standards); and third, incomplete test records for cryptographic components that cannot demonstrate reliability under the target operating environment, including EMC conditions. The real-world testing methodology presented in this paper directly addresses the third category and can serve as a documentation template for corresponding ISO/SAE 21434 Chapter 10 validation evidence in TISAX assessment packages.
What are the core TISAX requirements and what does a realistic implementation timeline look like?
TISAX (Trusted Information Security Assessment Exchange), developed by the German Association of the Automotive Industry (VDA), maps its core requirements to ISO/IEC 27001 with automotive-specific additions including prototype protection, connected vehicle security, and supplier management. A realistic implementation follows four phases: Phase 1 (1–2 months) covers ISA questionnaire self-assessment and gap analysis; Phase 2 (3–4 months) involves designing and implementing management controls to close identified gaps; Phase 3 (1–2 months) conducts internal review and documentation preparation; Phase 4 is the formal TISAX assessment by an authorized provider such as TÜV or DEKRA. Total timeline is typically 7–12 months. Co-implementing with ISO/SAE 21434 is strongly recommended for resource efficiency, as the two frameworks share significant documentation and control overlap.
How should Taiwan SME automotive suppliers evaluate the cost-benefit of cryptographic enhancement and TISAX compliance?
For Taiwan automotive suppliers with 50–300 employees, TISAX certification direct costs typically range from approximately NTD 800,000 to 2,000,000, depending on current security maturity and assessment scope. Cryptographic enhancement engineering costs vary by product complexity but can often be absorbed within scheduled product revision cycles rather than requiring standalone investment. The benefit case is straightforward: entry into European OEM Tier 1 supply chains generally requires TISAX Level 2 or above as a formal procurement prerequisite. Under UNECE WP.29 R155, OEMs are required to manage supply chain cybersecurity, meaning suppliers without auditable security mechanisms face increasing exclusion risk from new vehicle model programs post-2025. A phased approach—TISAX certification within 12 months, mechanism internalization within 24 months—provides the most defensible risk-adjusted investment framework.
Why engage Winners Consulting Services Co. Ltd. for automotive cybersecurity (AUTO) matters?
Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) is among Taiwan's rare consulting firms with integrated capability across ISO/SAE 21434 standard implementation, TISAX certification preparation, and UNECE WP.29 regulatory interpretation. Our consultant team combines automotive electronics engineering and information security backgrounds, enabling us to translate academic research insights—such as this paper's QRNG testing methodology—directly into executable compliance action plans. We support Taiwan suppliers through the full cycle: TARA design, gap analysis, control implementation, and TISAX audit preparation, with full Mandarin-language advisory to minimize learning curve. Our complimentary initial diagnostic allows enterprises to understand their compliance baseline and prioritize actions before committing to a formal engagement.

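Winners Consulting Services Co. Ltd. (積穗科研股份有限公司) is sounding an important technical warning for companies in Taiwan's automotive supply chain. The paper published in 2019 by Maynard, Nguyen, and Shaikh is among the world's first empirical studies to test an ECU prototype equipped with a quantum random number generator (QRNG) in a real vehicle environment, and it offers direct, actionable implications for Taiwanese Tier 1 and Tier 2 suppliers pursuing ISO/SAE 21434 compliance and TISAX certification.

Paper source: Developing a QRNG ECU for automotive security: Experience of testing in the real-world (Maynard, Oliver; Nguyen, Hoang Nga; Shaikh, Siraj; arXiv, 2019)
Original link: https://doi.org/10.1109/icstw.2019.00033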
