Protecting Automotive SoCs Starts With Secure IP
The automotive industry is changing. Cars are becoming more sophisticated and more valuable, with increased connectivity and new capabilities that deliver a better user experience. They also collect and transmit more and more sensitive data, which makes them very attractive targets for attack, and cybercrime aimed at the automotive industry is growing rapidly. How bad is it? According to the AV-TEST Institute, the total number of known malware samples rose from around 65 million in 2011 to around 1.1 billion at the end of 2020, and automotive hacks have grown year over year since 2016.
Cybersecurity is a critical and urgent need that OEMs must address, and it is important that they do so early in the design cycle. Although the automotive sector has not been as heavily regulated as other industries, the environment is changing rapidly, with a growing body of regulations, standards and guidelines, such as:
- The UNECE (United Nations Economic Commission for Europe) WP.29 regulations mandate a cybersecurity management system for new vehicles. They require OEMs to manage cyber risks, secure vehicles by design, detect and respond to security incidents, and provide safe and secure software updates in the field.
- ISO/SAE 21434, a new standard scheduled for publication in 2021, specifies process requirements for managing the cybersecurity risk of road-vehicle systems. The processes cover the entire life cycle: design, development, production, operation, maintenance and decommissioning.
- SAE J3101 specifies hardware-protected security requirements for ground-vehicle applications. It includes a comprehensive view of security functions and their corresponding use cases, as well as the applications that must be supported to meet a vehicle's security needs.
- The NHTSA (National Highway Traffic Safety Administration) Cybersecurity Best Practices report recommends a multi-layered approach to automotive cybersecurity. NHTSA focuses on the vehicle entry points that could be vulnerable to cyber attack, such as the wired and wireless connections designed for human or machine interfaces.
While automotive security is essential and should be addressed from the start, beginning with the system on a chip (SoC), it must also be addressed together with safety in a holistic way. In addition to the systematic and random faults covered by the ISO 26262 functional safety standard, secure automotive systems must be able to withstand malicious attacks that can arrive in unpredictable ways. Designing security into automotive SoCs at the hardware level, with a safe and secure Hardware Security Module (HSM) IP that provides a root of trust, helps ensure that connected cars behave as expected, handle random and systematic faults, and repel malicious attacks.
Automotive HSM IP solutions
The foundation of security is a defense-in-depth strategy for the whole vehicle. Every piece of software ultimately depends on the hardware it runs on. To ensure that an SoC has not been compromised, the hardware must be able to assess its own integrity as it comes out of reset. Only once it is deemed trustworthy can it bring up the network of components that forms the intelligence inside the car and eventually connects to the outside world. In addition to booting securely and staying protected, the SoC must be able to detect and handle random and systematic faults and meet strict safety and security requirements.
The ASIL B compliant HSM IP for automotive (Figure 1) includes a comprehensive trusted security base and the automotive documentation (safety manual, DFMEA/FMEDA/DFA reports, quality manual, development interface agreement and safety case reports), as well as hardware security mechanisms that protect the SoC against malicious attacks while also guarding against random and systematic faults. Safe and secure IP can include a wide range of safety mechanisms such as dual-core lockstep, ECC-protected memory, register EDC, parity, watchdog timers, self-checking comparators, bus protection, an MPU and dual-rail logic. The HSM IP can also incorporate an ASIL D ready processor, such as the low-power ARC processor IP, to run secure applications and cryptographic processing. SoC designers are looking for IP that includes features such as:
- A fully programmable solution that provides the trusted hardware foundation for the system and protects against evolving threats with a high level of security
- Safety mechanisms for ASIL B compliance against random faults and ASIL D compliance against systematic faults
- Scalable symmetric/asymmetric/hash/MAC cryptography acceleration, from custom processor instructions to crypto cores with side-channel protection
- A processor that includes an MPU for controlling memory access permissions
- Secure external memory controllers with side-channel (DPA) protection that provide confidentiality and integrity protection for untrusted external memory, as well as runtime tamper detection
- A NIST SP 800-90C compliant random number generator
- Multiple secure key servers for secure key distribution within the SoC
- Compliance with the EVITA Full/Medium/Light hardware requirements
- Power, clock and reset management
- Software, including secure applications, an SDK, a NIST-validated cryptography library, a runtime library, device drivers and reference designs
- Development and manufacturing tools
Fig. 1: Key features for safe and secure SoCs.
Automotive HSM IP must provide a Trusted Execution Environment (TEE) that protects sensitive information and processing at the SoC level. HSMs must implement the critical security functions required throughout the device lifecycle, such as:
- Secure boot validates the integrity and authenticity of the host processor's software and data, ensuring that it only runs trusted firmware. Beyond integrity and authenticity, the secure boot service also supports confidentiality through optional decryption of firmware images.
- Secure update enables in-field firmware updates based on secure identification and authentication, with optional encryption.
- Secure authentication is essential to ensure that the upstream and/or downstream devices communicating with the target device are trustworthy. Establishing this trust requires a mutually agreed authentication scheme. The HSM can ensure the integrity of the authentication protocols as well as the confidentiality of the secrets shared between devices.
- Secure debug allows an external host to authenticate itself over a secure protocol before local debugging of the device is enabled. Only trusted, authenticated developers gain access to the debug system.
- Secure storage protects the device's application data. The HSM provides a secure path for encrypting and decrypting application data stored in untrusted locations, preventing attackers from reading or modifying it.
- Key management keeps secret key material inside the hardware root of trust. Key use is governed by permissions and policies at the application layer, and key generation, import and export are controlled by trusted HSM application software, so that host application software and other less trusted processors in the system never have access to the raw keys.
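The secure boot and secure update services above (and the "assess its own integrity coming out of reset" step described earlier), as an added example in Go that is not code from the original article or from the tRoot product. The image layout, the `HSM` type, `Accept` and `BuildImage` are assumptions made for illustration. The HSM verifies the Ed25519 signature (public key assumed burned into OTP) before it parses or decrypts anything, optionally decrypts the payload with AES-GCM under a key that never leaves the HSM, and enforces a monotonic version counter so a correctly signed but older image cannot roll the ECU back.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image layout assumed for this example (not a real HSM or tRoot format), integers big-endian:
//   magic(4) | version(4) | flags(4) | payload_len(4) | gcm_nonce(12) | payload | ed25519 signature(64)
// The signature covers everything before it, so an encrypted payload is authenticated first.
const (
	imgMagic      = "TRTB" // hypothetical magic value
	flagEncrypted = 1 << 0
	hdrLen        = 4 + 4 + 4 + 4 + 12
)

var ErrMalformed = errors.New("secure boot: malformed image")
var ErrSignature = errors.New("secure boot: signature verification failed")
var ErrRollback = errors.New("secure update: version is not newer than the installed one")

// HSM models the root of trust: OTP-burned verification key, HSM-internal decryption key, version counter.
type HSM struct {
	OTPPubKey    ed25519.PublicKey
	FwDecryptKey []byte // AES-128 key, never exposed to the host
	InstalledVer uint32
}

// verify checks the signature before parsing anything else, then decrypts if flagged.
func (h *HSM) verify(img []byte) (uint32, []byte, error) {
	if len(img) < hdrLen+ed25519.SignatureSize || string(img[:4]) != imgMagic {
		return 0, nil, ErrMalformed
	}
	signed, sig := img[:len(img)-ed25519.SignatureSize], img[len(img)-ed25519.SignatureSize:]
	if !ed25519.Verify(h.OTPPubKey, signed, sig) {
		return 0, nil, ErrSignature
	}
	if binary.BigEndian.Uint32(signed[12:16]) != uint32(len(signed)-hdrLen) {
		return 0, nil, ErrMalformed
	}
	payload := signed[hdrLen:]
	if binary.BigEndian.Uint32(signed[8:12])&flagEncrypted != 0 {
		block, _ := aes.NewCipher(h.FwDecryptKey) // key length is fixed by the HSM
		gcm, err := cipher.NewGCM(block)
		// The header is bound as AAD, so a valid ciphertext cannot be replayed under another header.
		if payload, err = gcm.Open(nil, signed[16:28], payload, signed[:16]); err != nil {
			return 0, nil, err
		}
	}
	return binary.BigEndian.Uint32(signed[4:8]), payload, nil
}

// Accept adds anti-rollback: at boot an image may equal the installed version; an update must be newer.
func (h *HSM) Accept(img []byte, update bool) ([]byte, error) {
	ver, fw, err := h.verify(img)
	if err != nil {
		return nil, err
	}
	if ver < h.InstalledVer || (update && ver == h.InstalledVer) {
		return nil, ErrRollback
	}
	if update {
		h.InstalledVer = ver // monotonic counter: a once-patched bug cannot be reintroduced
	}
	return fw, nil
}

// BuildImage is the OEM signing-side counterpart: optional AES-GCM encryption, then Ed25519 signing.
func BuildImage(signKey ed25519.PrivateKey, encKey []byte, version uint32, fw []byte, encrypt bool) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr, imgMagic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	payload := fw
	if encrypt {
		binary.BigEndian.PutUint32(hdr[8:], flagEncrypted)
		block, _ := aes.NewCipher(encKey)
		gcm, _ := cipher.NewGCM(block)
		rand.Read(hdr[16:28])
		binary.BigEndian.PutUint32(hdr[12:], uint32(len(fw)+gcm.Overhead()))
		payload = gcm.Seal(nil, hdr[16:28], fw, hdr[:16])
	} else {
		binary.BigEndian.PutUint32(hdr[12:], uint32(len(fw)))
	}
	img := append(hdr, payload...)
	return append(img, ed25519.Sign(signKey, img)...)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	hsm := &HSM{OTPPubKey: pub, FwDecryptKey: []byte("0123456789abcdef"), InstalledVer: 3}
	img := BuildImage(priv, hsm.FwDecryptKey, 4, []byte("ecu application v4"), true) // constructed firmware
	fmt.Println(hsm.Accept(img, true)) // firmware bytes and <nil>: update accepted, counter is now 4
	img[hdrLen] ^= 1                   // flip one ciphertext bit: signature fails before any decryption
	fmt.Println(hsm.Accept(img, false))
}
```

The order of checks is the point: the signature is verified over the ciphertext before the HSM touches the decryptor, so a tampered or unsigned payload never reaches the AES-GCM code path, and the header (version, flags, length) is covered both by the signature and as GCM additional data. Real products add a revocable key hierarchy and a hardware-backed counter; the single OTP key and in-memory counter here are simplifications.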
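Secure authentication and key management (the two services described above), as an added Go example that is not code from the original article or the tRoot product. The `HSM`, `KeyPolicy`, `Peer` and `MutualAuth` names and the four-message challenge-response protocol are constructed for illustration: both ECUs hold the link key only inside their HSM under a non-exportable policy, and each side proves possession of it with an HMAC bound to both identities and both nonces, so neither the host software nor the other ECU ever sees the key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrPolicy = errors.New("hsm: operation not permitted by key policy")
var ErrAuth = errors.New("auth: peer failed to prove possession of the shared key")

// KeyPolicy is the per-slot usage policy enforced inside the HSM (assumed model, not a real API).
type KeyPolicy struct {
	AllowAuth  bool // key may be used for challenge-response MACs
	Exportable bool // raw key bytes may leave the HSM; false for link keys
}

type keySlot struct{ key []byte; policy KeyPolicy }

// HSM owns the key material; application code only ever handles slot names.
type HSM struct{ slots map[string]keySlot }
func NewHSM() *HSM { return &HSM{slots: map[string]keySlot{}} }

func (h *HSM) ImportKey(name string, key []byte, p KeyPolicy) {
	h.slots[name] = keySlot{key: append([]byte(nil), key...), policy: p}
}

// ExportKey releases raw key bytes only when the slot policy permits it.
func (h *HSM) ExportKey(name string) ([]byte, error) {
	if s, ok := h.slots[name]; ok && s.policy.Exportable {
		return append([]byte(nil), s.key...), nil
	}
	return nil, ErrPolicy
}

// MAC is HMAC-SHA256 over length-prefixed parts (so "ab"|"c" and "a"|"bc" differ);
// the usage-policy check happens here, inside the HSM, not in the caller.
func (h *HSM) MAC(name string, parts ...[]byte) ([]byte, error) {
	s, ok := h.slots[name]
	if !ok || !s.policy.AllowAuth {
		return nil, ErrPolicy
	}
	m := hmac.New(sha256.New, s.key)
	for _, p := range parts {
		m.Write([]byte{byte(len(p))})
		m.Write(p)
	}
	return m.Sum(nil), nil
}

// Peer is an ECU or gateway: an identity, its HSM and the slot holding the key shared with the other side.
type Peer struct {
	ID, Slot string
	HSM      *HSM
}

// proof binds a role label, both identities and both nonces, so a tag cannot be replayed or reflected.
func (p *Peer) proof(label, proverID, verifierID string, proverNonce, verifierNonce []byte) ([]byte, error) {
	return p.HSM.MAC(p.Slot, []byte(label), []byte(proverID), []byte(verifierID), proverNonce, verifierNonce)
}

func check(got, want []byte, err error) error {
	if err == nil && !hmac.Equal(want, got) {
		return ErrAuth
	}
	return err
}

// MutualAuth runs the four-message exchange between initiator a and responder b. Each side only
// asks its own HSM for MACs and never sees the key; nil means both sides authenticated each other.
func MutualAuth(a, b *Peer) error {
	nA, nB := make([]byte, 16), make([]byte, 16)
	rand.Read(nA) // 1. a -> b: idA, nA
	rand.Read(nB) // 2. b -> a: idB, nB, tagB
	tagB, err := b.proof("resp", b.ID, a.ID, nB, nA)
	if err != nil {
		return err
	}
	want, err := a.proof("resp", b.ID, a.ID, nB, nA) // 3. a recomputes tagB with its own HSM ...
	if err = check(tagB, want, err); err != nil {
		return err
	}
	ackA, err := a.proof("ack", a.ID, b.ID, nA, nB) //    ... and answers with ackA
	if err != nil {
		return err
	}
	want, err = b.proof("ack", a.ID, b.ID, nA, nB) // 4. b recomputes ackA
	return check(ackA, want, err)
}

func main() {
	link := []byte("constructed 32-byte link key....") // provisioned into both HSMs at manufacturing
	gw, ecu := NewHSM(), NewHSM()
	gw.ImportKey("brake-ecu", link, KeyPolicy{AllowAuth: true}) // Exportable stays false
	ecu.ImportKey("gateway", link, KeyPolicy{AllowAuth: true})
	a, b := &Peer{ID: "GATEWAY", Slot: "brake-ecu", HSM: gw}, &Peer{ID: "BRAKE-ECU", Slot: "gateway", HSM: ecu}
	fmt.Println("mutual auth:", MutualAuth(a, b)) // <nil>
	fmt.Println(ecu.ExportKey("gateway"))         // [] hsm: operation not permitted by key policy
}
```

Two details carry the security argument: the role label and identity ordering inside each MAC prevent a reflection attack in which the responder's tag is echoed back as the initiator's proof, and the policy check lives inside `MAC` and `ExportKey`, so a compromised application cannot bypass it by calling a lower-level primitive. A deployed design would use a proper KDF for session keys and a unique key per ECU pair; both are out of scope for the example.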
Connected cars are evolving rapidly, with more innovation and new applications for ADAS/autonomous driving, V2X and infotainment. With the amount of hardware and software content that enables greater automation, cars present many potential security vulnerabilities and are the target of a growing number of cyber attacks. To avoid security breaches, OEMs require both data protection and chip-level security. Automotive systems must provide a high level of security and must also meet functional safety standards, which means implementing security functions in a way that ensures functional safety cannot be impaired. Without security there is no safety, and vice versa. Secure systems must be able to handle unpredictable inputs that would otherwise cause unacceptable behavior. Designing security into automotive SoCs at the hardware level will help ensure that connected cars behave as intended, can protect against malicious attacks, and can cope with random and systematic faults.
Synopsys is uniquely positioned in the market with its safe and secure, automotive standards-compliant tRoot HSM IP, which aligns with the latest technology requirements and cybersecurity guidelines and enables SoC designers to quickly implement the security their chips require, with low risk and fast time to market. In addition to tRoot HSMs with root of trust, Synopsys provides a broad portfolio of highly integrated security IP solutions that use a common set of standards-based building blocks and security concepts to enable the most efficient silicon design and the highest levels of security for a range of products in the cloud computing, automotive, digital home, IoT and mobile markets.
Dana Neustadter is Senior Product Marketing Manager for Security IP at Synopsys. She holds an M.Eng. and a B.Sc. in Electrical Engineering from the Technical University of Cluj-Napoca.