Intelligent Compute Engines Driving Today’s Automobiles Need Better Security

Securing access to ECUs and the CAN bus is becoming a major focus in automotive.


Driving a modern car or truck today is like driving a complex computer system which has the capability to transport people and freight from a geographic point to another through the road infrastructure and, to do so, it just happens it has an engine and wheels.

With automotive systems moving towards consolidation of workloads, there is a need and benefit of having faster networking throughput and more compute power, particularly with high-end ADAS (Advanced Driver Assistance Systems) and autonomous driving. The concept and requirement of zero defects is clearly a welcome must for modern vehicles, as it’s aimed to assure safety. The function of today’s automotive vehicles remains the same, but innovative technology is dramatically improving every component of the whole while adding new safety capabilities. Electronics in the form of ADAS is certainly among the most innovative elements in safety.

The backbone of electronics in modern cars is the CAN-bus (Controller Area Network) that connects the many ECUs (Electronic Control Units), composed of MCU, memory and interfaces, that direct functional operations of the vehicle. Data are exchanged among the ECUs through the CAN-bus.

After the experimental and successful hacking events of the last few years (that accessed unsecured ECUs connected to the cellular network and took full control of the vehicle from a remote computer), secure access to the ECUs is increasingly becoming a major focus of developers and standard bodies.

How can the access to the ECUs and to the CAN-bus be made secure? Securing the CAN-bus requires data encryption. To secure access to ECUs, however, one-time programmable (OTP) memory is a perfect solution once the concept of “root of trust” becomes standard for ECUs.

At that point, the security keys (almost certainly based on public-key cryptography), or the “root of trust” required for verifying updates/changes to the MCU software, can be stored in the OTP, which is architected to be inherently secure to hacks and attacks. Moreover, the keys can be changed any time if the OTP capacity is chosen to allow updates of its content.

Kilopass OTP provides the highest level of resistance from side-channel as well as physical attacks. It is the storage mechanism used today in millions of set-top boxes for securing the keys to broadcast content.