Cyber Security Mechanisms for Connected Vehicles


Application context and security requirement
The rapidly growing connectivity of vehicles opens up numerous opportunities for new features and attractive business models. At the same time, the potential for cyber-attacks on vehicle networks is also growing. Such attacks threaten the functional safety of the vehicle and can cause financial damage.

Challenge
Vehicles consist of numerous interconnected electronic control units (ECUs) with many internal and external interfaces. The overall system only works if both the software executed on the ECUs and the data transmitted between ECUs are protected against manipulation.

Implementation
The solution requires multiple layers of security mechanisms. The foundation is provided by microcontrollers equipped with security cores, e.g. the AURIX Hardware Security Module (HSM). They provide hardware acceleration for cryptographic primitives such as the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC), as well as protected storage of cryptographic keys. Building on these capabilities, Vector provides software and drivers for these HSMs that enable higher-level security mechanisms such as secured boot, secured communication and secured diagnostic access.

User benefits
Vehicle Electrical/Electronic (EE) architectures which integrate cyber security mechanisms offer the following benefits:
› Only authentic software updates can be installed and executed on the ECUs
› Communication between the vehicle and cloud services is protected against cyber-attacks
› Manipulation attempts on inter-ECU communication are detected
› Services provided by the vehicle are protected against unauthorized access
› Security anomalies can be recorded for forensic analysis
› Efficient access to crypto primitives and key management for implementing customer-specific use cases

Solution
To achieve defense in depth, the Vector security mechanisms operate on different logical levels:
› Secure Platform: The crypto primitives, accessible via a crypto stack, allow an ECU to perform cryptographic operations such as encryption or signature verification. Where the primitives are implemented in hardware, keys can be stored in protected memory and cryptographic operations run faster. Secured boot checks the integrity of the bootloader, application and data during startup of the ECU. Secured flashing, also known as code signing, verifies that a software update for an ECU is authentic.
› Secure In-Vehicle Communication: To protect in-vehicle communication, the authenticity and freshness of messages are checked. Where required, the confidentiality of messages can also be protected.
› Secure Gateways: Critical vehicle gateways are equipped with advanced security mechanisms such as intrusion detection, firewalls or a vehicle key management infrastructure.
› Secure External Communication: Additionally, the communication from the vehicle to external services is protected.
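The authenticity and freshness check described above for secure in-vehicle communication, as an added example that is not Vector's or Infineon's code: a receiver rebuilds the full freshness counter from the truncated value carried on the bus, verifies a truncated MAC over identifier, counter and payload, and rejects replayed or modified PDUs without advancing its state. The key, the counter width, the truncation lengths and the use of HMAC-SHA256 in place of a hardware AES-CMAC are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed parameters, assumed for this example rather than taken from the brief:
# a 128-bit shared key, a 64-bit monotonic freshness counter per PDU of which only
# the low 8 bits travel on the bus, and a MAC truncated to 32 bits to save bandwidth.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
FRESH_BITS = 8
MAC_LEN = 4


def compute_mac(key: bytes, pdu_id: int, payload: bytes, freshness: int) -> bytes:
    """MAC over PDU id, full freshness value and payload, truncated to MAC_LEN.
    HMAC-SHA256 stands in here for the AES-CMAC an HSM would compute in hardware."""
    data = struct.pack(">HQ", pdu_id, freshness) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def protect(key: bytes, pdu_id: int, payload: bytes, freshness: int) -> bytes:
    """Sender side: secured PDU = payload | truncated freshness | truncated MAC."""
    truncated = freshness & ((1 << FRESH_BITS) - 1)
    return payload + bytes([truncated]) + compute_mac(key, pdu_id, payload, freshness)


class Receiver:
    """Receiver state for one PDU id: the highest freshness value accepted so far."""

    def __init__(self, key: bytes, pdu_id: int):
        self.key, self.pdu_id, self.last_freshness = key, pdu_id, -1

    def verify(self, secured_pdu: bytes):
        """Return the payload if authentic and fresh, else None (state unchanged)."""
        if len(secured_pdu) < 1 + MAC_LEN:
            return None
        payload = secured_pdu[:-(1 + MAC_LEN)]
        truncated = secured_pdu[-(1 + MAC_LEN)]
        rx_mac = secured_pdu[-MAC_LEN:]
        # Rebuild the full counter: the next expected value supplies the upper bits;
        # if the received low bits lie behind it, the counter has wrapped once.
        expected = self.last_freshness + 1
        candidate = (expected & ~((1 << FRESH_BITS) - 1)) | truncated
        if candidate < expected:
            candidate += 1 << FRESH_BITS
        # A replayed, reordered or modified PDU yields a MAC mismatch (constant-time compare).
        if not hmac.compare_digest(compute_mac(self.key, self.pdu_id, payload, candidate), rx_mac):
            return None
        self.last_freshness = candidate
        return payload
```

With an 8-bit truncated counter the receiver can only bridge gaps of fewer than 256 lost messages; larger jumps need a resynchronisation mechanism, which this example leaves out.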
The computational and memory resources of most ECUs are still very restricted compared to other IT systems. This calls for implementations that use Random-Access Memory (RAM) and non-volatile memory efficiently, for example for security event logging. Efficient implementations are also required to make full use of the performance and security benefits provided by Infineon HSMs.

Main benefits of the Infineon product
› Infineon’s AURIX HSM provides the security features needed for a multi-layered security concept.
› Automotive Original Equipment Manufacturers (OEMs) and Tier-1 suppliers get high-quality, production-ready embedded security solutions for their ECUs. These consist of Infineon’s AURIX chips and Vector’s MICROSAR Security software components, such as the Crypto stack, SecOC or the Ethernet Firewall, together with the AUTOSAR-compliant HSM drivers.

