Navigating Complexity And Enhancing Security In Advanced Automotive Systems

As the automotive industry advances towards higher levels of Advanced Driver Assistance Systems (ADAS), the complexity of vehicles is growing at an unprecedented rate. Modern vehicles are equipped with an increasing array of ADAS sensors, sophisticated algorithms, powerful processors, advanced in-vehicle networks, and millions of lines of software code. These components are crucial for processing raw data, generating intelligence, and making informed decisions.

Advanced ADAS systems now use between 30 and 50 smart sensors, including cameras, radars, LiDARs, and ultrasonic sensors. These sensors produce large volumes of raw data, which powerful processors then fuse to create an accurate digital representation of the environment. The ADAS system must then make decisions that are robust, reliable, and swift. Therefore, it is crucial to establish a safe and secure, end-to-end ADAS and data processing system, from the sensing module to the actuators.

Attacks that target the input or platform used for sensing pose significant risks. These attacks could involve injecting additional data into the sensing module, manipulating the processing algorithms, disrupting the generated data, or bypassing sensors to feed false data. Such actions can compromise the system’s integrity, leading to incorrect intelligence, false positives, and wrong decisions, which in turn can endanger drivers and pedestrians.

It is essential to have robust and reliable internal networks and communication channels for seamless data exchange between sensing modules, processing units, and actuators. Any disruptions in timing or data integrity, availability, and freshness could be catastrophic, potentially causing the system to fail to respond to hazards. It is equally important to protect memory and buffers, especially in resource-constrained sensing platforms with limited security capabilities.

Sensor fusion and perception systems require rapid and accurate processing. Hence, safeguarding AI inference algorithms, training algorithms, and training datasets is crucial to prevent tampering or replacement, which could lead to misclassification and dangerous decisions.

Automakers are also incorporating Over-the-Air (OTA) update capabilities as part of secure lifecycle management to ensure ADAS features and AI inference algorithms remain up to date. However, OTA updates can be vulnerable to malicious attacks, exploiting open interfaces. Therefore, secure and well-protected update mechanisms are essential to manage and mitigate future risks, ensuring the continuous safety and integrity of connected and complex vehicles throughout their lifespan of 10-15 years.

As with any complex system, no solution can be completely impervious to sophisticated cyberattacks. In cybersecurity, a defense-in-depth approach and multi-layered security are essential to protect the vehicle’s electronic and electrical (E/E) architecture, as well as the data exchanged between ADAS systems.

This approach complements the principle of security-by-design, where each design layer contributes to the overall security and ensures that security capabilities are passed on to subsequent layers. It starts with a secure hardware foundation, which includes essential security features such as secure storage, secure boot, and secure processing. This secure foundation is integrated into System-on-Chip (SoC) modules in smart edge sensors (e.g., cameras, LiDARs, radars) that communicate through secure channels to domain controllers and high-performance computing units for data processing. Ultimately, data is transmitted to infrastructure, cloud services, and other vehicles through secure gateways and telematic control units.

The Rambus RT-64x Root of Trust is a family of secure, programmable embedded Hardware Security Modules (eHSMs) in a silicon IP form factor. The modules are designed specifically for automotive applications; they are certified against ISO 26262 ASIL-B and ASIL-D standards and comply with ISO/SAE 21434. The modules establish the foundation for a chain of trust, enabling the next layers to inherit the trust anchor provided by the certified eHSM, build on its security capabilities, and maintain control over the implemented safety and security, all while embedded in their integrated silicon chip. In addition, the certified modules offer robust protection against various types of failures, including permanent, transient, and latent faults, as well as hardware and software attacks. They utilize advanced anti-tamper and security techniques to ensure high levels of resilience, robustness and reliability. Additionally, customers can expedite their product certification by utilizing the safety support package and evidence accompanying the safety certificate, such as Failure Modes, Effects, and Diagnostic Analysis (FMEDA) and safety manuals, enabling them to reduce their development cost and certification risk while enhancing time to market. For more detailed information on the RT-64x product family, visit the Rambus website.