Securing ADAS At The Chip Level

Modern vehicle architectures are opening new avenues for attackers.


The advent of ADAS, Advanced Driver Assistance Systems, is making a dramatic impact on new vehicles. It provides many helpful functions such as automotive night vision, forward collision warnings, collision avoidance, and lane departure warnings. In order to operate, ADAS requires the computerization of most of the functions of the vehicle. This results in from 50 to over 100 electronic control units (ECUs) in modern cars. All these ECUs must work in harmony to provide ADAS functions.

In addition, infotainment has also evolved to a point where passengers can now watch full-length movies or connect to the internet from the car. The emergence of electric vehicles, now over 10 million units worldwide, adds to the complexity of new architectures. Finally, autonomous driving and autonomous vehicles are emerging and require advanced artificial intelligence functions to operate properly.

Improvement of traffic conditions and reduction of injuries and fatalities are a great concern for government entities. To meet these goals, municipalities are deploying vehicle-to-everything communication systems to improve the vehicle’s awareness of its environment. Those communications include communication between vehicles, between vehicles and infrastructure such as traffic lights or railroad crossings, between vehicles and the network, and between vehicles and pedestrians. The aim is to improve driver safety by making the vehicle and its passengers more aware of their environment.

All these technologies and improvements increase the attack surface for hackers to exploit. Leading automotive OEMs have made headlines because their cars were remotely accessed from miles away by hackers, or because they were vulnerable to unlocking due to weaknesses in their telematic network. Hackers have also reprogrammed cars by exploiting a vulnerability in the browser used by the information display, or have hijacked cars using man-in-the-middle attacks. This is just a subset of the possible exploits made possible with new modern vehicle architectures.

To address these security issues, we start from the threats. These can be classified in five different categories that lead to a corresponding set of solutions. The categories are 1) cloud-to-car connections, 2) ECUs, 3) in-vehicle networks, 4) external devices and networks, and 5) vehicle-to-vehicle and vehicle-to-infrastructure communications.

In the case of cloud-to-car connections, secure protocols such as TLS can provide the correct identification of both parties, the vehicle and the entity in the cloud, to prevent attacks. In the case of ECUs, it is essential to equip all those units with Root of Trust components to provide secure boot, secure firmware upgrades, secure debug, and other security functions. In the case of in-vehicle networks, protecting the communication between two entities with protocols, such as MACsec or IPsec, is required or highly recommended. For vehicle-to-vehicle and vehicle-to-infrastructure communication, many messages are broadcast between all the vehicles participating in those exchanges. All those messages have to be properly authenticated to make sure that the information is not forged or malicious.

Rambus automotive semiconductor security solutions can safeguard ADAS with security anchored in hardware. We can protect ECUs and CPUs with root of trust solutions that operate as secure hardware security modules (HSMs). We’ve discussed that we could have up to a hundred ECUs operating in a modern vehicle. To function properly, all those ECUs have to run with the firmware intended by the manufacturer. In addition, it must be ensured that the firmware not be tampered with during operation. A root of trust can provide the assurance that firmware is valid and can be securely updated when needed. We have root of trust variants for both ASIL-B (RT-640) and ASIL-D (RT-645) that are specifically designed for the functional safety requirements of ISO 26262.

Automotive Ethernet is now increasingly used in modern vehicles because of the high bandwidth, up to one gigabit per second, it supports. This is required for ADAS or self-driving functions when LIDAR, radar, and camera data are being exchanged, and with Automotive Ethernet, less cabling is required than with legacy network protocols, which saves weight. Automotive Ethernet derives from classic Ethernet with hardening for EMI resistance. As with classic Ethernet, MACsec can be used to secure the communications between sensors and processors, with encryption (optional) of data and authentication of frames transmitted. Rambus MACsec protocol engines embedded in networking chips can protect these communications from tampering or spoofing.

Root of trust solutions and MACsec protocol engines are just two examples of the broad portfolio of security solutions that Rambus offers to provide end-to-end security of ADAS and other advanced automotive electronic systems. ADAS, infotainment, and V2X systems deliver an increasing array of benefits to drivers and passengers in modern vehicles. But their advanced features build on additional complexity that increases the attack surface for hackers, making design for security an essential tenet for modern vehicles. With Rambus as a partner, automotive chip and system manufacturers can deliver all the benefits with the assurance of security anchored in hardware.

Additional Resources:

Leave a Reply

(Note: This name will be displayed publicly)