Silicon Root Of Trust IP And The Automotive Chain Of Trust

New regulations make security risk management non-negotiable.


Cybersecurity attacks in the automotive industry have increased in magnitude, frequency and sophistication in recent years. According to IDC, there have been more than 900 publicly reported automotive security incidents since 2010, and this number is growing year over year. New attack vectors are emerging all the time. For example, attacks on the EV charging infrastructure reached 4% of total incidents in 2022 and are expected to grow in the coming years.

Unlike in other industries, cybersecurity has remained unregulated in the automotive industry for decades, with automotive cybersecurity frameworks, guidebooks and best practices being strong recommendations and guidelines only. Authorities, such as the United Nations Economic Commission for Europe (UNECE), have begun to introduce new regulations specifically developed to address cybersecurity-related risks in the automotive industry. These regulations provide the framework for fostering a security-first mindset and adopting security-by-design engineering principles.

The UN R155 regulation on cybersecurity came into force in 2021 and has set the framework for vehicle cybersecurity in UNECE member countries, becoming mandatory for all new vehicle types for type approval in July 2022 and for all new vehicles in July 2024. UN R155 specifies that OEMs demonstrate security due diligence and compliance with cybersecurity engineering requirements. The OEM also has the burden of proof of supply chain cybersecurity management. For the first time in the industry, UN R155 makes security risk management non-negotiable. No compliance means no market entry and, therefore, no business.

UN R155 holds OEMs accountable for demonstrating cybersecurity due diligence and risk management. However, since a considerable proportion of cybersecurity-relevant components come via suppliers, OEMs will shift this responsibility and accountability to suppliers, demanding due diligence and supporting evidence. ISO 21434 is the standard recognized by the automotive industry as the reference for meeting the UN R155 regulation requirements. Cybersecurity-relevant components that are assessed and certified according to ISO 21434 will be recognized and adopted by OEMs and integrated in the overall cybersecurity case required for type approval. If required, the standard will also serve as the rationale in court, in case of an incident or hack.

As with any complex system, no solution is ever completely secure or bulletproof against sophisticated cyber-attacks. A multi-layered, defense-in-depth strategy is a core cybersecurity pillar for the automotive industry to effectively protect the data and assets within the vehicle. This goes hand in hand with the security-by-design principle, where every design layer contributes security protection and passes security capabilities to the next layers for a stronger overall security posture of the vehicle.

The chain of trust starts at the silicon IP level, which implements core security mechanisms and features that enable security services such as secure boot, secure storage, secure debug, and secure update. The next layers in both hardware and software can leverage these capabilities and build on top of those functionalities, enhancing the overall vehicle security. A security-first culture, security-oriented process, and secure supply chain complete the defense-in-depth strategy.

A hardware Root of Trust is the security foundation for a semiconductor or electronic system. Any secure function the device or system performs relies fully or partially on that Root of Trust. With hardware immutability and trustworthiness, a Root of Trust provides the trusted foundation that the system and the application can use to build their protection and implement the required confidentiality, authenticity, integrity, and other security properties and attributes.
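The chain-of-trust idea described above can be shown in a few lines. This is an added illustration, not code from the article or from any vendor product: it assumes a simplified hash-chained boot in which each stage image embeds the SHA-256 digest of the next stage and only the first digest is held in immutable hardware; production secure boot typically verifies signatures against a hardware-anchored key instead. All names and stage payloads are constructed.

```python
import hashlib
import hmac

END_OF_CHAIN = bytes(32)  # all-zero digest marks the last stage (assumption)

def build_chain(payloads):
    """Link stages back to front: image = digest(next image) || payload.

    Returns the images in boot order plus the digest of the first image,
    which is the single value that would be fused into ROM/OTP.
    """
    images, next_digest = [], END_OF_CHAIN
    for payload in reversed(payloads):
        image = next_digest + payload
        images.insert(0, image)
        next_digest = hashlib.sha256(image).digest()
    return images, next_digest

def verify_chain(root_anchor, images):
    """Walk the chain from the immutable anchor; return stages verified.

    Each stage is measured before control would be handed to it. On the
    first mismatch the walk stops, so nothing after it is trusted.
    """
    expected, verified = root_anchor, 0
    for image in images:
        measured = hashlib.sha256(image).digest()
        if not hmac.compare_digest(measured, expected):
            break
        expected = image[:32]  # trust is extended to the next stage
        verified += 1
    return verified

# Constructed sample stages for an ECU-like boot flow.
PAYLOADS = [b"stage0: bootloader", b"stage1: rtos kernel", b"stage2: ecu app"]
IMAGES, ANCHOR = build_chain(PAYLOADS)

def demo():
    patched = IMAGES[:2] + [IMAGES[2] + b"!"]         # last stage modified
    forged, _ = build_chain(PAYLOADS[:2] + [b"stage2: modified app"])
    return {
        "genuine": verify_chain(ANCHOR, IMAGES),      # all stages verify
        "patched": verify_chain(ANCHOR, patched),     # halts at stage 2
        "relinked": verify_chain(ANCHOR, forged),     # halts at stage 0
    }

if __name__ == "__main__":
    print(demo())
```

The re-linked case is the one that shows why the anchor must be immutable: every embedded digest in the forged chain is self-consistent, and the only thing that rejects it is the value held in hardware.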

The Rambus RT-640 Root of Trust is a secure programmable Root of Trust IP designed with automotive use cases in mind. It is ISO 26262 ASIL-B certified and provides the foundation for the chain of trust in the automotive supply chain. It enables customers to inherit the trust anchor provided by a certified Root of Trust, build on top of the Root of Trust security capabilities, and have maximum control and ownership of the implemented chain of trust. In addition, customers can fast-track the certification of their product by leveraging the safety support package and evidence that comes with the safety certificate, such as the failure modes, effects, and diagnostic analysis (FMEDA) and safety manual.

Join me at the Rambus Design Summit on July 19 to find out more about recent developments in automotive cybersecurity and see a use case on how the RT-640 Root of Trust can be used to secure automotive over the air updates.

