Hardware-Based Cybersecurity For Software-Defined Vehicles

As vehicle technology advances, so does the complexity of the electrical/electronic systems within these smart vehicles. A software-defined vehicle (SDV) relies on centralized compute and an advanced software stack to control most of its functionality, from engine performance to infotainment systems. SDVs are becoming more important as automakers look to improve vehicle performance, reduce emissions, and develop autonomous driving technologies, with a common reusable hardware infrastructure. SDVs are the platform for many new and improved driving experiences. They are equipped with many advanced ADAS features such as lane assist, auto braking, GPS navigation systems, and self-driving capabilities.

However, the increased level of technology in these vehicles also presents a complex range of safety and security concerns. There is an urgent business need to address cybersecurity in SDVs, as the connected car market is set for strong growth (figure 1).

Fig. 1: Technavio market research report: Global Connected Car Market 2023-2027.

At the recent 2023 SAE World Congress, a traditional automotive industry conference, the keynote was given by Dipti Vachani, Senior Vice President and General Manager of Automotive at Arm. Vachani discussed the pervasiveness of hardware and software across multiple industries, and just how important understanding the capabilities of software in vehicles is to the future of automotive and how critical it is for the hardware suppliers to provide safe and secure hardware systems.

You don’t have to look too far for examples of leading technology areas in the mobility sector where software innovation is happening. Vachani cited electrification, autonomy, and user experience as just a few developing areas where evolving the code is essential. Also, as artificial intelligence and machine learning are further ingrained into our way of life, Vachani explained it’s crucial to focus on software updates and how they affect the modern vehicle.

Vachani went on to talk about the four pillars required to achieve the SDV: good standards, new methodologies, vehicle system simulation, and industry collaboration. However, all four have the overarching requirements of safety and security (figure 2).

Fig. 2: Four pillars required to achieve a software-defined vehicle.

Safety and security for the SDV

Security is of paramount importance in software-defined vehicles. These vehicles are highly connected and exchange a lot of data between various components, sensors, and networks. Being run on a common compute, an attack on one interface could give access to the vehicle’s advanced control systems. As such, any vulnerability of the system can lead to dangerous scenarios ranging from minor glitches to fatal accidents. Some the scenarios include:

1. SDVs are always connected to the internet, which makes them vulnerable to cyber-attacks. An attacker can use this vulnerability to gain unauthorized access to critical systems such as the engine or brake management systems, which can result in a catastrophic failure.
2. SDV technology can be used to steal personal data such as credit card information, GPS data, and even the driver’s identity. Hackers can use this data to carry out malicious activities or sell it on the black market. This can be especially threatening to drivers who store their personal data in the vehicle systems.
3. SDVs rely heavily on data processing and analysis, which means that data must be protected from external sources such as hacking or phishing attempts that can alter or corrupt the decision-making process. This can lead not only to a breakdown of the vehicle’s systems but also to accidents.
4. SDVs are part of a larger ecosystem of connected devices, such as smartphones and smart homes, which means that a breach in the vehicle’s system can pose a threat to other connected devices, making the spread of malware and cyber-attacks more widespread.

The Secure-CAV Consortium, collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles (CAVs), offers concrete examples of hacks. One is a mobile network attack in which an attacker tries to infect the Telematic Control Unit with tampered firmware. This uses a “man in the middle” type of attack to make an over-the-air firmware update. If successful, hackers could intercept telematics traffic using GSM and can spoof the SMS commands, sending direct commands to the device. The consequences range from the hackers gaining access to the infotainment unit, to denial-of-service attacks against emergency services, to controlling the engine, transmission, or brakes.

Cybersecurity solutions for SDVs

Cyber risk management is guided by a number of standards and regulations and involves a layered defense in depth approach that touches on safety, security, and reliability throughout the silicon lifecycle. What is a cybersecurity lifecycle? It includes the product concept, development, production, operation, maintenance, and end-of-life for electrical and electronic systems.

While the functional safety risk landscape is essentially static for a given function, the security threat landscape is very dynamic – the type and complexity of cyber security attacks change throughout the lifecycle of the vehicle. There is no single solution that’s easy to implement. This is the compelling reason to develop security technology that is extremely dynamic and adaptable to whatever future threats present their selves. A challenge to this goal lies in how to know what solutions will be dynamic and adaptable and in how to test the solutions.

The Secure-CAV platform

The Secure-CAV Consortium has developed a flexible and functional architecture for real environment trials to train, test, validate, and demonstrate automotive cybersecurity solutions. The goal is to faithfully and accurately reproduce the behavior of a real vehicle while also being reconfigurable, portable, safe, and inexpensive to construct. The testbed gives the cybersecurity researchers and engineers comprehensive security evaluation of in-vehicular network components providing:

• Integration of Siemens EDA IP in an FPGA implementation for ECU behavior monitoring
• Support for multi-component architecture and a range of on-board communication protocols (including CAN and Automotive Ethernet)
• A ‘plug-and-play’ facility for client ECUs (which may be telematics units, sensors, infotainment systems, in-cabin connectivity, and body modules)
• A traffic scenario simulator to generate sensor data and connectivity supporting threat use cases being demonstrated
• Configurability for repeatable test scripts, and an interface for packet injection and tracing, to support attack vectors
• A data repository for data captured from emulated sensors, vehicle simulator, CAN/Automotive Ethernet payload, FPGA, and attached ECUs for visualization, test calibration, and machine learning. The repository could be in-cloud for remote analysis or on local storage.

The Secure-CAV automotive cybersecurity testbed includes a car simulator, an on-board network simulator, a field-programmable gate array (FPGA) system, a physical network, data storage, and a real car’s instrument cluster. Most of the vehicle architecture and its CAN bus network is realized within a virtual environment using Vector CANoe network simulator. The data collected can be analyzed and used to update the embedded monitors on the FPGA (figure 3).

Fig. 3: The Secure-CAV architecture.

The IP and anomaly detection software in the Secure-CAV demonstration vehicle monitors protocols and transactions at the lowest level in hardware (figure 4). This is backed by unsupervised machine learning algorithms and statistical analysis, with expert input from the University of Southampton. This was integrated into FPGA technology and linked to two vehicle demonstrators developed by teams at Coventry University and cybersecurity specialists Copper Horse. A range of selected real-world threats has been exercised, including purchasing and analyzing hacking equipment for existing vehicles.

Fig. 4: The Secure-CAV demonstration rig.

Embedded IP (Tessent Embedded Analytics) used for on-chip data collection forms the underlying foundation of the Secure-CAV system. The embedded IP can also be designed into automotive devices themselves, to monitor the device through its lifecycle, providing the underpinning layers of a defense in depth strategy. Not only do these embedded IP detect potential threats through structural and function monitoring, but they can take action to block them. Here’s a partial list of the security features addressed by Tessent Embedded Analytics:

1. Secure boot – Hardware monitoring technology can be used to check a prescribed boot sequence has been executed as expected. This ensures that both the hardware and software are as intended.
2. Attestation – Similar to secure boot, functional monitoring can be used to generate dynamic signatures that represent either a hard or soft configuration of a specific IP or IC in a system. This confirms again both the accuracy of the expected hardware and its configuration. This approach can be used to provide either a single identity token or a system wide collection of tokens.
3. Secure access – As with all systems, it is critical that communication channels in and out of the device are secure and, in many cases, configurable based on different levels over required access.
4. Asset protection – Active functional monitoring can be a critical part of any defense in depth strategy against the dynamic cyber-threat landscape. Based on a detailed threat analysis, selection and placement of functional monitors within the device provide extremely low latency threat detection and mitigation.
5. Device lifecycle management – Automakers need to be able to monitor the health of the IoT devices throughout their active life cycles, from manufacture through to decommissioning. Functional monitoring and sensors play a significant part in monitoring device health over their life cycle.

The data collected from automotive devices in the field are part of a larger automotive lifecycle scheme that includes fleet management, embedded software, a cloud platform, and product lifecycle management. This data can be used to analysis many aspects of a systems functional behavior as well as detecting anomalies caused by cyber security attacks (figure 5).

Fig. 5: Some types of data captured with Tessent Embedded Analytics monitors.

As the SDV market grows and governments legislate liabilities for autonomous and connected cars, automakers will need to deploy efficient solutions to ensure the safety and cybersecurity of these sophisticated vehicles. As part of a multi-layered security approach, hardware-based solutions like Tessent Embedded Analytics provides not just strong protection, but data collection and analysis needed to respond to dynamic threat environments.