EE Times-India

Guarding automotive systems against tampering

Posted: 07 Jan 2016

Keywords: driver assistance, digital storage, CAN bus, authentication, encryption

Charging electric vehicles is another consideration. Billing the energy drawn at a charging station directly to the user's energy bill would be an attractive option. This requires secure identification of both the vehicle and the user, and the energy consumption data must be tamper-proof as well. For a user-friendly implementation, this information could be exchanged immediately after the charging cable is connected, without any further user intervention.

Protecting electronic infrastructure
As mentioned above, the infotainment system provides the central interfaces that can be used to access the vehicle's on-board electronic infrastructure.

Because they run an operating system, infotainment systems must boot after a reset just like a PC. If the boot process is not authenticated, an attacker can easily start the system with different, compromised boot software and thereby gain access to the entire system infrastructure.

The JTAG debug port is another easily accessible system interface. Used for test and debug purposes, it also opens the door to the SoC (System-on-Chip). If this interface is left open, it is easy for hackers to enter the system.

Hackers can also use hardware interfaces or wireless ports to gain access to a system. Once installed, malware can compromise the operating system in order to copy sensitive data or to install further malicious software.

The CAN interface has often been compromised via the infotainment system and has been used by hackers to attack vehicles. Many tools are available on the market for analysing unencrypted CAN data. Although AES encryption mitigates this problem, it does not by itself prevent an attacker from recording encrypted data and replaying it at a later time. Timestamping the encrypted data is required in order to solve this problem.
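The replay problem described above is independent of how strong the cipher is: a recorded ciphertext is still a valid ciphertext. The following Go program is an added example, not code from the article or from Texas Instruments, showing one receiver-side defence: every frame carries a freshness value (here a monotonic counter; a timestamp works the same way), the value is bound into the AES-GCM authentication tag together with the CAN identifier, and the receiver rejects any frame whose counter does not exceed the last one it accepted for that ID. The frame layout, the key and the payloads are constructed for the demonstration; a classic CAN frame has only eight data bytes, so a real design would use CAN FD or a companion authentication frame.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is a constructed, simplified authenticated CAN-style message. The
// freshness counter travels in the clear; Sealed holds AES-GCM ciphertext
// followed by the 16-byte tag.
type Frame struct {
	ID      uint16 // 11-bit CAN identifier
	Counter uint64 // freshness value: monotonic counter (or a timestamp)
	Sealed  []byte // ciphertext || GCM tag
}

var (
	ErrReplay = errors.New("replayed or out-of-order frame")
	ErrAuth   = errors.New("authentication failed")
)

// Sender seals frames under a shared key with a strictly increasing counter.
type Sender struct {
	aead    cipher.AEAD
	counter uint64
}

// Receiver opens frames and remembers the highest accepted counter per ID.
type Receiver struct {
	aead     cipher.AEAD
	lastSeen map[uint16]uint64
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-byte key = AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func NewSender(key []byte) (*Sender, error) {
	a, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return &Sender{aead: a}, nil
}

func NewReceiver(key []byte) (*Receiver, error) {
	a, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	return &Receiver{aead: a, lastSeen: make(map[uint16]uint64)}, nil
}

// nonceFor derives the 96-bit GCM nonce from the counter so that no nonce
// bytes need to be transmitted. A nonce must never repeat under one key, which
// is why the counter has to survive resets (or the key must be re-negotiated).
func nonceFor(counter uint64) []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], counter)
	return nonce
}

// aad binds the CAN ID into the tag: a valid payload moved to another ID fails.
func aad(id uint16) []byte {
	b := make([]byte, 2)
	binary.BigEndian.PutUint16(b, id)
	return b
}

func (s *Sender) Seal(id uint16, data []byte) Frame {
	s.counter++
	sealed := s.aead.Seal(nil, nonceFor(s.counter), data, aad(id))
	return Frame{ID: id, Counter: s.counter, Sealed: sealed}
}

// Open rejects stale counters before touching the ciphertext, then verifies
// the tag. lastSeen is only advanced for authenticated frames, so a forged
// frame with a high counter cannot lock out the genuine sender.
func (r *Receiver) Open(f Frame) ([]byte, error) {
	if f.Counter <= r.lastSeen[f.ID] {
		return nil, ErrReplay
	}
	data, err := r.aead.Open(nil, nonceFor(f.Counter), f.Sealed, aad(f.ID))
	if err != nil {
		return nil, ErrAuth
	}
	r.lastSeen[f.ID] = f.Counter
	return data, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key only
	s, _ := NewSender(key)
	r, _ := NewReceiver(key)
	f := s.Seal(0x123, []byte{0x3A, 0x00}) // constructed payload
	_, err := r.Open(f)
	fmt.Println("first delivery:", err)
	_, err = r.Open(f) // the same recorded frame played back later
	fmt.Println("replay:", err)
	f.Sealed[0] ^= 0x80 // bit-flip in the ciphertext
	f.Counter++
	_, err = r.Open(f)
	fmt.Println("tampered:", err)
}
```

The counter check comes first because it is cheap and rejects recorded traffic without any cryptographic work; the tag check then catches modified payloads and identifier swaps. Whether the freshness value is a counter or a timestamp, both ends must agree on it after a power cycle, which is the synchronisation problem any real deployment has to solve.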

SoC-based security mechanisms
Basically, there are three means to protect electronic systems and data against unauthorised access: Authentication, Integrity Check and Encryption.

Authentication means that only software signed by the originator can be executed on a system.

Integrity ensures that the software has not been changed, i.e. that no code sections were removed, added or modified.

Encryption makes data readable only to those holding the appropriate key.

All three of these basic methods are used in infotainment systems.

Infotainment systems are protected using an asymmetric security mechanism. A public key, which is stored in the SoC, is used as the basis for all safety-relevant actions.

Therefore, only software signed with the correct private key can be executed on the device. In addition to the authenticity check, programs are also checked for completeness and modifications.
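To make the authenticity and integrity checks concrete (and to show what the authenticated boot mentioned earlier actually verifies), here is an added Go example; it is not code from the article, from Texas Instruments, or from any SoC boot ROM. It assumes a constructed image layout of magic, length, SHA-256 hash of the code, Ed25519 signature over those header fields, and then the code itself. The public key is never part of the image: it is generated at "manufacturing" and handed to the verifier separately, which stands in for the key stored in the SoC. Only code signed by the matching private key boots, and any change to the code is caught by the hash check.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (not a real vendor format):
//   magic(4) | length(4) | sha256(32) | signature(64) | code(length)
// The signature covers magic|length|sha256, so the hash is authenticated
// and the code is checked against that trusted hash.
const magic = "IMG1"
const signedLen = 4 + 4 + sha256.Size
const headerLen = signedLen + ed25519.SignatureSize

var (
	ErrFormat    = errors.New("malformed image header")
	ErrIntegrity = errors.New("integrity check failed: code hash mismatch")
	ErrAuth      = errors.New("authentication failed: bad signature")
)

// BuildImage is the signing step at the software originator.
func BuildImage(priv ed25519.PrivateKey, code []byte) []byte {
	sum := sha256.Sum256(code)
	var img bytes.Buffer
	img.WriteString(magic)
	binary.Write(&img, binary.BigEndian, uint32(len(code)))
	img.Write(sum[:])
	sig := ed25519.Sign(priv, img.Bytes()) // signs magic|length|hash
	img.Write(sig)
	img.Write(code)
	return img.Bytes()
}

// VerifyBoot is the check a boot ROM performs before jumping into the code:
// parse, authenticate the header, then verify the code against the
// now-trusted hash. It returns the code to execute or the reason for refusal.
func VerifyBoot(pub ed25519.PublicKey, img []byte) ([]byte, error) {
	if len(img) < headerLen || string(img[:4]) != magic {
		return nil, ErrFormat
	}
	length := binary.BigEndian.Uint32(img[4:8])
	if uint64(len(img)) != uint64(headerLen)+uint64(length) {
		return nil, ErrFormat
	}
	signed := img[:signedLen]
	sig := img[signedLen:headerLen]
	code := img[headerLen:]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, ErrAuth // not signed with the originator's private key
	}
	sum := sha256.Sum256(code)
	if !bytes.Equal(sum[:], img[8:signedLen]) {
		return nil, ErrIntegrity // code section added, removed or modified
	}
	return code, nil
}

func main() {
	// "Manufacturing": generate the originator's key pair; only pub goes
	// into the SoC, priv stays with the software originator.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	code := []byte("constructed infotainment firmware") // constructed stand-in
	img := BuildImage(priv, code)
	if _, err := VerifyBoot(pub, img); err == nil {
		fmt.Println("genuine image: boot allowed")
	}
	tampered := append([]byte(nil), img...)
	tampered[len(tampered)-1] ^= 0xFF // modify one byte of the code
	_, err := VerifyBoot(pub, tampered)
	fmt.Println("modified code:", err)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, err = VerifyBoot(pub, BuildImage(otherPriv, code))
	fmt.Println("image signed with another key:", err)
}
```

The order of the checks is deliberate: the signature is verified first so that the hash the code is compared against is already trusted, and the length field is validated against the actual image size before any slicing so that a corrupted header cannot cause an out-of-range read. In a real SoC the verifier and the public key sit in immutable ROM or fuses; if either could be rewritten, the whole chain collapses.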

The JTAG port, which can be used during the development phase, is fully disabled at the manufacturing stage. During development, it is possible to restrict the access privileges of the developer groups to the sections required for developing their programs.

From the MCU operating system, a specifically defined software API (Application Programming Interface) is required to access the MCU's protected section (ARM TrustZone), where all safety-relevant tasks are executed.

Today's highly integrated SoCs are available in two variants: a GP (General Purpose) and a HS (High Security) derivative. The HS derivatives provide a comprehensive security infrastructure meeting the requirements outlined above.

Hardware accelerators including the AES accelerator (Advanced Encryption Standard), the RNG (Random Number Generator) and the PKA (Public Key Accelerator) provide support for encryption and decryption tasks in order to increase the CPU cores' availability for application-related tasks.

The ARM TrustZone included in the two Cortex-A15 cores has been extended by a security infrastructure that provides a secure section. This section includes ROM and RAM as well as access to the secure hardware modules and to the symmetric and asymmetric keys.

Using this comprehensive hardware infrastructure together with the software components, it is possible to give the infotainment system and the gateways full state-of-the-art protection against unauthorised external access.

Automobiles are increasingly equipped with new functions and control units that operate on sensitive data. The security requirements for protecting against unintended access and manipulation will therefore become more widespread and more elaborate.

Just as the ISO 26262 safety standard was created based on necessity, a new standard for cyber security can be expected to emerge in the near future. The definition of SHE (Secure Hardware Extension) and EVITA (E-safety Vehicle Intrusion Protected Applications) represent initial approaches in this field. Connected vehicles, car-to-x projects and autonomous driving will make security a high-priority issue in automotive E/E systems.

About the author
Dipl.-Ing. Ralf Eckhardt is System Application Engineer at Texas Instruments.
