New features in the car require electronic control units that are networked, with each other and the cloud. Embedded IT security is a vital aspect in that. That goes for assistance systems, updating software over the air (SOTA) and autonomous driving functions. Infineon Technologies AG and Elektrobit Automotive GmbH are teaming up long term to work closely together on the issue of cybersecurity for vehicles. The companies offer a perfectly coordinated hardware-software solution that boosts the performance of on-board communication and satisfies current and future security requirements. It is based on the second generation of the multicore microcontroller family AURIX from Infineon and, tailored to it, Elektrobit’s zentur HSM solution.
The microcontrollers from the AURIX family control communication processes, carry out monitoring and security tasks, and support security protocols in the vehicle. Every TC3xx microcontroller now has an integrated hardware security module (HSM), where the keys are generated and stored securely. The HSM uses hardware-based symmetric and asymmetric encryption algorithms as well as hash functions (AES-128, ECC 256, SHA2). As a result, the HSM not only enhances protection against manipulation, but also ensures a significant increase in speed. Thanks to hardware support, hash calculation (SHA256) is around 150 times faster than with a pure software solution.
That has a direct impact on RSA signature verification – an advantage when there are large volumes of data, as in applications such as SOTA and autonomous driving. The hardware-software combination – AURIX and EB’s zentur HSM – also enables more than 100 signature verifications per second (with ECDSA secp256r1, for example). In a current software implementation of RSA signatures, verification can take several seconds – depending on the key length and size of the data.
“AURIX microcontrollers are key components in current and future vehicles,” says Thomas Böhm, Senior Director, Chassis & ADAS Microcontrollers at Infineon. “The combination of AURIX and a coordinated software stack will ensure greater IT security in the vehicle and deliver a sharp increase in performance for system suppliers.”
The hardware-software solution is AUTOSAR-compliant with regard to the latest 4.3 stack and prior versions such as 4.2 and 4.0. That means it is easy to implement and integrate EB’s zentur HSM software in existing projects.
Secure Boot is the basis for all subsequent security functions. It is a time-critical function that demands a great deal of computing power, since the individual control units must log on to the network in a very short space of time. When the systems are booted, the memory contents are checked for any manipulation. Thanks to the hardware-software solution, CMAC values of 62 MB/s are achieved. Elektrobit’s software stack, which has been tuned specially to AURIX and the HSM, thus allows 1 MB of data to be checked in 16.2 ms. No other vendor in the industry achieves that performance, which is two-and-a-half-times the best value recorded to date.
“The growing complexity of software and steadily increasing number of on-board systems and sensors that communicate with each other in a vehicle mean that efficient security mechanisms to prevent unauthorized external access are indispensable,” says Martin Schleicher, Executive Vice President Business Management at EB. “Thanks to Infineon’s hardware know-how and our experience in developing software security solutions, we’ve jointly been able to create an ideal solution that protects control units reliably.”