Preventing malicious attacks while mitigating systematic and random faults.
With advances in hardware and software, smart vehicles are improving with every generation. Capabilities that once seemed far-off and futuristic—from automatic braking to self-driving features—are now either standard or within reach. However, as vehicle architectures evolve, the ways that both security and safety can be addressed at the system-on-chip (SoC) level also must evolve.
Cars are becoming more connected and more complex. With over-the-air updates, 5G connections, and vehicle-to-vehicle communication, more data is moving between cars, servers, and infrastructure, and every one of those links is a place where valuable information can be intercepted or altered by an attacker.
Attacks on connected cars can come in many forms (figure 1). For example, attackers can exploit vulnerabilities in keyless entry systems to recover the unique key material, making break-ins easier; malware downloaded to a phone can reach the infotainment system once the phone is connected to it; or automotive chips with weak security can be left able to enter a test or debug mode that gives anyone with physical access elevated privileges on the system. Building cybersecurity protection into vehicles helps to protect the automotive electronic systems, communication networks, control algorithms, software, users, and underlying data from malicious attack, damage, unauthorized access, or manipulation.
Fig. 1: Highly connected vehicles offer many attack surfaces to hackers.
In addition, almost every automotive chip now requires some level of functional safety capability. Meeting functional safety standards in the vehicle's electrical/electronic (E/E) systems helps to ensure that the systems behave as specified and that passengers are protected when they do not. ISO 26262 defines functional safety as the absence of unreasonable risk due to hazards caused by malfunctioning behavior of E/E systems. To meet ISO 26262, designers need to address both systematic faults and random (permanent or transient) hardware faults.
Systematic faults apply to both hardware and software and are introduced during the development of the hardware and software modules; they are deterministic, so they can be prevented by a rigorous IP/SoC development process. Random hardware faults, by contrast, occur unpredictably during the lifetime of the device. Transient random faults are momentary and disappear once the affected state is rewritten, e.g., an alpha particle or neutron strike flipping a bit in a memory cell. Permanent random faults persist indefinitely (or at least until repair) after their occurrence, e.g., a memory cell or wire that becomes stuck at a fixed value. Random faults cannot be prevented by process; instead, redundancy and continuous checks carried out during mission time are built into the system so that they are detected and, where possible, corrected before they cause a hazard.
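The distinction between transient and permanent random faults, and the "continuous checks during mission time" that handle them, can be made concrete with a small software model. The following is an added example written for this page; it is not Synopsys code and does not describe how the ARC SEM130FS implements its safety mechanisms. It models memory words protected by a SECDED Hamming code (8 data bits, 4 check bits, 1 overall parity bit) and a scrub routine that decodes each word, corrects a single-bit error, writes the corrected word back and re-reads it. An error that disappears after the rewrite is classified as transient; one that immediately recurs is classified as permanent and is what the scrub would escalate to a safety monitor. The memory layout, the `stuck_at_zero` mask used to simulate a permanent fault, and the injected faults themselves are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not vendor code: SECDED (single-error-correct, double-error-
 * detect) Hamming code over 8 data bits, stored as a 13-bit word in a uint16_t.
 * Check bits sit at positions 1, 2, 4, 8; data bits at the remaining positions
 * 1..12; bit 0 is an overall parity bit that lets us tell one flip from two. */
static const int DATA_POS[8] = {3, 5, 6, 7, 9, 10, 11, 12};

/* Parity of the bits whose position index has bit p set (includes position p). */
static int group_parity(uint16_t cw, int p) {
    int parity = 0;
    for (int pos = 1; pos <= 12; pos++)
        if ((pos & p) && ((cw >> pos) & 1)) parity ^= 1;
    return parity;
}

uint16_t secded_encode(uint8_t data) {
    uint16_t cw = 0;
    for (int i = 0; i < 8; i++)
        if ((data >> i) & 1) cw |= (uint16_t)(1u << DATA_POS[i]);
    for (int p = 1; p <= 8; p <<= 1)               /* make every parity group even */
        if (group_parity(cw, p)) cw |= (uint16_t)(1u << p);
    int overall = 0;                                /* bit 0: even parity over all 13 bits */
    for (int pos = 1; pos <= 12; pos++) overall ^= (cw >> pos) & 1;
    return cw | (uint16_t)overall;
}

typedef enum { SECDED_OK, SECDED_CORRECTED, SECDED_UNCORRECTABLE } secded_status_t;

/* Decodes cw into *data. Corrects one flipped bit; reports two flips as
 * uncorrectable. Three or more flips are outside what SECDED guarantees. */
secded_status_t secded_decode(uint16_t cw, uint8_t *data) {
    int syndrome = 0, overall = 0;
    for (int p = 1; p <= 8; p <<= 1)
        if (group_parity(cw, p)) syndrome |= p;      /* nonzero: position of a single flip */
    for (int pos = 0; pos <= 12; pos++) overall ^= (cw >> pos) & 1;
    secded_status_t st = SECDED_OK;
    if (overall) {                                  /* odd parity: exactly one bit flipped */
        cw ^= (uint16_t)(1u << syndrome);           /* syndrome 0 means bit 0 itself flipped */
        st = SECDED_CORRECTED;
    } else if (syndrome) {                          /* parity even but syndrome bad: two flips */
        return SECDED_UNCORRECTABLE;
    }
    *data = 0;
    for (int i = 0; i < 8; i++)
        if ((cw >> DATA_POS[i]) & 1) *data |= (uint8_t)(1u << i);
    return st;
}

/* Simulated ECC-protected memory (constructed for the example). A bit set in
 * stuck_at_zero[i] always reads as 0: a permanent fault. A transient fault is
 * simulated by flipping a stored bit once. */
#define MEM_WORDS 4
struct ecc_mem {
    uint16_t word[MEM_WORDS];
    uint16_t stuck_at_zero[MEM_WORDS];
};

static uint16_t mem_read(const struct ecc_mem *m, int i) {
    return m->word[i] & (uint16_t)~m->stuck_at_zero[i];
}

typedef enum { FAULT_NONE, FAULT_TRANSIENT, FAULT_PERMANENT, FAULT_UNCORRECTABLE } fault_class_t;

/* One mission-time scrub of word i: decode, correct, write back, re-read.
 * A corrected error that does not come back was transient; one that returns
 * immediately is permanent and must be reported rather than silently re-fixed. */
fault_class_t scrub_word(struct ecc_mem *m, int i) {
    uint8_t d;
    secded_status_t first = secded_decode(mem_read(m, i), &d);
    if (first == SECDED_UNCORRECTABLE) return FAULT_UNCORRECTABLE;
    if (first == SECDED_OK) return FAULT_NONE;
    m->word[i] = secded_encode(d);                  /* write back the corrected word */
    return secded_decode(mem_read(m, i), &d) == SECDED_OK ? FAULT_TRANSIENT : FAULT_PERMANENT;
}

int main(void) {
    struct ecc_mem m = {{0}, {0}};
    for (int i = 0; i < MEM_WORDS; i++) m.word[i] = secded_encode(0xFF);
    m.word[1] ^= (uint16_t)(1u << 12);              /* injected transient: one-off flip */
    m.stuck_at_zero[2] = (uint16_t)(1u << 12);      /* injected permanent: bit 12 stuck at 0 */
    m.word[3] ^= (uint16_t)((1u << 5) | (1u << 9)); /* injected double flip: detect only */
    static const char *name[] = {"none", "transient", "permanent", "uncorrectable"};
    for (int i = 0; i < MEM_WORDS; i++)
        printf("word %d: %s\n", i, name[scrub_word(&m, i)]);
    return 0;
}
```

The design point is in `scrub_word`: correcting a single-bit error is not the end of the job. The re-read after write-back is what separates a harmless soft error, which needs only a counter increment, from a hard fault that will corrupt the same location again on the next cycle and should trigger a safety response. The double-flip case shows why the overall parity bit is kept: without it, two flips would be silently "corrected" into a third, wrong value.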
Because of the evolving security threats combined with new standards and market requirements, designers are looking for a clear path to incorporate both security and safety into their SoCs. However, the complexity of new designs means that adding functional safety features and security features as discrete functions might not result in an optimal solution. Developing SoCs for safety-critical and secure automotive applications requires both protection against malicious attacks and functional safety capabilities from the start. Addressing both functionalities from the design stage and from processor selection will enable a new generation of safe and secure cars.
Companies need to treat the security and the safety aspects of new automotive SoCs holistically. The SoC needs to protect the system from malicious attacks while preventing systematic faults, mitigating random faults, and meeting the most stringent safety requirements.
Synopsys' ASIL D compliant DesignWare ARC SEM130FS Safety and Security Processor IP helps designers to protect safety-critical systems against software, hardware and side-channel attacks. The processor's ASIL D compliance covers both random (transient and permanent) hardware faults and systematic faults and is backed by a comprehensive set of automotive documentation. The ARC MetaWare Toolkit for Safety includes an ASIL D Ready certified compiler for producing ISO 26262-compliant code (figure 2).
Fig. 2: Synopsys ARC SEM 130FS Safety & Security Processor block diagram.
The ARC SEM130FS Safety and Security Processor provides integrated security features for embedded applications where protection from logical, hardware and physical attacks is essential, alongside high performance and low power consumption.
The SEM130FS Processor offers a set of features that provide hardware-enforced software security, including a hardware implementation of a trusted execution environment, a memory protection unit for stack and code protection, and secure custom instructions that add flexibility to the SoC design. These logical protection features include:
At first glance, physical attacks might not seem as important as remote attacks in the automotive space. However, there are several reasons why physical attack countermeasures are mandatory in automotive SoC designs. Side-channel attacks are one type of physical attack: potentially sensitive information, such as key material, is recovered by monitoring signals that the electronic devices in the car emit while they operate, such as power consumption or electromagnetic emissions. Another is direct access to the automotive system via the debug port by an attacker with physical access. The ARC SEM130FS Processor provides a set of protective features against physical tampering attacks:
In addition to extensive security features, the ARC SEM130FS Safety and Security Processor simplifies the development of safety-critical applications and accelerates ISO 26262 certification of automotive SoCs by providing an ASIL D compliant solution with the hooks and safety mechanisms needed in the automotive environment. These key features include:
The DesignWare ARC SEM130FS Processor, like the rest of the DesignWare ARC Functional Safety Processors, goes beyond the processor IP itself by providing comprehensive safety documentation to ease the SoC certification process. These safety documents include:
To complement this, the ARC SEM130FS Safety and Security processor is also supported by the MetaWare for Safety Toolkit which facilitates the development of ISO 26262-compliant software. The MetaWare compiler toolchain is ASIL D certified and includes a safety manual and a safety guide to help developers meet the requirements of the ISO 26262 standard and prepare for compliance testing of their safety-critical systems.
Combining safety and security capabilities within the automotive SoC has become the next-generation approach to addressing the new automotive cybersecurity requirements for malicious attacks together with the mitigation of systematic and random faults required by functional safety. To ensure that connected cars behave as expected, safety and security features should be architected holistically from the design and hardware stage.
The Synopsys DesignWare ARC SEM130FS Safety and Security Processor IP meets these demands by offering an ASIL D compliant processor that addresses both systematic and random faults while also providing the security capabilities required in next-generation automotive designs: a trusted execution environment, side-channel attack resistance, and physical tamper detection. The DesignWare family of processors also provides more than the processor IP by giving SoC developers a comprehensive set of functional safety documentation and an ASIL D certified compiler to facilitate the development of ISO 26262-compliant software.