Automotive Security: Meeting The Growing Challenges With Certified Hardware Security Module IP

Security anchored in hardware provides the highest level of protection.


Automotive systems, and the semiconductors used within them, are some of the most complex electronics seen today. The radical transformation from an isolated mechanical car to a connected, software-driven car is driving the increased use of semiconductors in vehicles, in features such as advanced driver assistance systems (ADAS), electrification, and an enhanced driver/passenger experience.

More connectivity, networking, and software are needed to support all these features, but of course this comes with additional design complexity, as well as major safety and security considerations. There have been more than 900 publicly reported automotive security incidents since 2010, and this number is growing year over year. Security guidelines such as SAE J3061 and cybersecurity regulations such as UNECE UN R155 drive the need for layered security protection and defense in depth in vehicle designs. No security compliance to UN R155 means no market entrance and thus no business! The automotive industry recognizes ISO/SAE 21434 as the standard to showcase readiness for UN R155 compliance.

When designing a security architecture, one should always start with a TARA, i.e., threat analysis and risk assessment. This assessment starts by determining cybersecurity goals and claims, identifying the various vulnerable systems and attack surfaces, and results in cybersecurity requirements and specifications for hardware and software development.

Cars used to be designed as a closed system with few attack surfaces, but this is not the case anymore. In today’s automotive designs, many interfaces exist, each with its own attack surface and associated potential threats. There are many internal networks, such as CAN, FlexRay, LIN, and Ethernet, and there are external ports like OBD-II, USB, and even EV charger ports. In addition, we have wireless communication channels used for telematics, firmware updates, location services, 5G, and cloud-to-car communications. All these interfaces are potential attack surfaces.

The influential “The Seven Properties of Highly Secure Devices” from Microsoft lists a hardware Root of Trust as a key component of security. A Root of Trust is a building block that is inherently trusted and starts the chain of trust needed to ensure that a device boots securely. To serve as the trust anchor, the Root of Trust must be secure by design. It is logically isolated from the host environment and executes its software on a dedicated security core with protected memory, acting as the boot core. It is enriched with multiple protection mechanisms and layers against side-channel and fault injection attacks.

For automotive designs, there are additional properties required for the Root of Trust, or Embedded Hardware Security Modules (eHSM) as they are known. These properties include certificate-based authentication, renewable security, and failure reporting.
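To make the chain-of-trust and failure-reporting ideas above concrete, here is a small model of a Root of Trust verifying a boot chain. This is an added example and not Rambus or RT-640 code; it assumes that each boot stage image carries the SHA-256 digest of the stage it loads next, that the digest of the first mutable stage is pinned in the Root of Trust's immutable storage, and that the stage names and image contents are constructed sample data. A real eHSM verifies signatures against pinned public keys (which is what makes "renewable security" possible); pinned digests are used here only to keep the example dependency-free.

```python
"""Toy model of a hardware Root of Trust anchoring a boot chain of trust.

Added example, not vendor code. Assumed layout: every stage image ends with
the 32-byte SHA-256 digest of the next stage (all zeros for the last stage),
and the Root of Trust holds the digest of the first stage in OTP/ROM.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

DIGEST_LEN = 32


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes  # stage code followed by the digest of the next stage


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_image(code: bytes, next_image: bytes | None) -> bytes:
    """Append the digest of the next stage; zeros mark the final stage."""
    trailer = digest(next_image) if next_image is not None else bytes(DIGEST_LEN)
    return code + trailer


def build_sample_chain() -> tuple[bytes, list[Stage]]:
    """Constructed sample: RoT -> bootloader -> application (not real firmware)."""
    app = build_image(b"APP: vehicle gateway firmware v1", None)
    bl = build_image(b"BL: second-stage bootloader v3", app)
    root_digest = digest(bl)  # the value a RoT would pin in immutable storage
    return root_digest, [Stage("bootloader", bl), Stage("application", app)]


def verify_boot_chain(root_digest: bytes, stages: list[Stage]) -> tuple[bool, list[str]]:
    """Walk the chain from the hardware anchor and halt at the first mismatch.

    Returns (boot_allowed, report); the report models what an eHSM's failure
    reporting would hand to the host or diagnostics.
    """
    report: list[str] = []
    expected = root_digest
    for stage in stages:
        measured = digest(stage.image)
        # constant-time comparison: the measured image is attacker-influenced
        if not hmac.compare_digest(measured, expected):
            report.append(
                f"FAIL {stage.name}: measured {measured.hex()[:16]}.. "
                f"!= pinned {expected.hex()[:16]}.."
            )
            return False, report
        report.append(f"OK   {stage.name}")
        expected = stage.image[-DIGEST_LEN:]
    if expected != bytes(DIGEST_LEN):
        # the last verified stage claims a successor that was never loaded
        report.append("FAIL chain: final stage references a missing stage")
        return False, report
    return True, report


def tamper(stage: Stage, patch: bytes) -> Stage:
    """Overwrite the first bytes of a stage's code (a modified image)."""
    return Stage(stage.name, patch + stage.image[len(patch):])


def demo() -> tuple[bool, bool]:
    """Clean chain boots; an application patched without re-pinning does not."""
    root, stages = build_sample_chain()
    ok_clean, _ = verify_boot_chain(root, stages)
    modified = [stages[0], tamper(stages[1], b"APP: modified")]
    ok_modified, _ = verify_boot_chain(root, modified)
    return ok_clean, ok_modified


if __name__ == "__main__":
    root, stages = build_sample_chain()
    for line in verify_boot_chain(root, stages)[1]:
        print(line)
    for line in verify_boot_chain(root, [stages[0], tamper(stages[1], b"X")])[1]:
        print(line)
```

The point the model makes is that trust flows one way: each stage is measured before it runs, against a value that only an already-verified stage (or the hardware anchor) could have supplied, so modifying any stage without also updating the value pinned above it stops the boot and produces a report naming the failing stage rather than silently continuing.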

In addition, automotive solutions should be implemented with hardware and software safety mechanisms to protect against malicious security attacks as well as random and systematic safety faults. These solutions should be supported with a complete suite of ISO 26262 automotive documentation, including a safety manual, DFMEA/FMEDA/DFA analysis reports, and a quality manual.

The Rambus RT-640 is a secure programmable Root of Trust IP specifically designed with automotive security use cases in mind. The ISO 26262 ASIL-B certified RT-640 offers a full-featured embedded HSM design. It combines a secure 32-bit RISC-V CPU, dedicated secure memories, and local non-volatile memory with cryptographic hardware engines, such as a true random number generator (TRNG), a secure hash and HMAC engine, a symmetric cipher accelerator, a DPA-resistant asymmetric cipher accelerator, DPA-resistant key derivation, glitch detection, and a hardware firewall, all extended with ISO 26262 ASIL-B safety mechanisms in both the hardware and the software implementation. Rambus automotive solutions are backed by industry-recognized security and safety certificates and are supported by ISO 21434 certified Rambus professionals.

In conclusion, security anchored in hardware provides the highest level of protection. It is essential to provide both ASIL functional safety and state-of-the-art security to protect vehicle-to-vehicle and vehicle-to-infrastructure (V2X), ADAS, and infotainment applications.
