By Abhineet Bhojak, Rajesh Gupta, Jeetendra Gupta (Freescale Semiconductors)
With the advent of IoT and increasingly interconnected and autonomous nature of a vehicle’s control modules, there has been an exponential increase in V2V, V2X and inter vehicular communications. This in turn increases the attack surface for hackers which demands state-of-art security features in modern automotive microcontrollers, moreover safety and security go hand in hand. The security features target prevention against physical attacks, restrict access to confidential data of customer as well as car manufacturer, authentication and protection of various electronic control systems and enable secure communication via physical or wireless interface.
To achieve reliable security the industry works in way where there is a cohesion between designer and security standards organization to design, verify, and prototype an architecture for automotive networks where security-relevant components are protected with different tamper detection and protection schemes and sensitive data are protected with various cryptographic algorithms .For acceleration there is a suitable partitioning between security hardware and software and a secure zone inside the SoC is defined with a hardware co-processor ,secret storage and processing .
Today’s available solutions of dedicated hardware security modules (HSM) for embedded systems include Secure Hardware Extension (SHE), E-safety Vehicle Intrusion Protected Applications (EVITA) and the Trusted Platform Module (TPM). The SHE specification defines a set of functions and a programmer’s model that allows a secure zone to coexist within any electronic control unit installed in the vehicle. The main features are encryption and decryption algorithms that application code can access through the API, storage and management of security keys. EVITA defines the three different levels of security implementations namely full, medium and light. The main objective of EVITA is finding a suitable partitioning of SW and HW security as software is not secure enough for today’s eSafety applications .It defines a hardware co-processor with Secure storage and processing and high throughput achieved with hardware acceleration .Another important approach to realize hardware security are security controllers. These are standard embedded systems with security enhanced memory management and processer extensions to provide an isolated runtime environment as secure and non secure mode (e.g., ARM® TrustZone®).The National Institute of Standards and Technology (NIST) has issued the FIPS (Federal Information Processing Standards) which defined encryption algorithms (e.g., advanced encryption standard) and other data security standards.
The intricate embedded systems inside the car are prone to various security attacks following are some examples:
On board and external communications: The confidentiality of existing software/firmware as well as updates and security credentials shall be ensured. Some applications might additionally require that part of the traffic they receive or send internally or externally should remain confidential. Another challenge is to ensure privacy of personal data such as PIN numbers within a vehicle or contained in messages sent from a vehicle to the outside. Cryptographic techniques based on the severity and complexity must be chosen to solve this problem.
Active physical attacks: These attacks include variation in chip’s voltage, operating temperature, clock, voltage and side channel attacks. Voltage attack technique is to disturb the computation of cryptographic functionalities by feeding glitches in the voltage supply in order to leak secret information and inferring it from erroneous result. By spiking CMOS ram with short duration high voltage pulses it may be possible to imprint the content in a manner similar to radiation imprinting .With extremely low temperatures SRAM can retain data for a long time which can be read after plugging it out. The erratic behavior may include processor missing instructions, erase circuitry failing or memory retaining data when not required.
Side channel attacks: Passive attacks predominantly use some side-channel leakage information for cryptanalysis purposes. Most of the side channel attacks are based on some statistical analysis over the data obtained from physical measurements such as timing, power consumption, EM (electromagnetic) noise. For example, a simple timing based attack involves monitoring the data movement in the cryptographic hardware. By observing the duration that the hardware takes to perform cryptographic operations, an attacker might be able to obtain the whole or parts of the secret key.
Counterfeit components: High-grade automotive spare parts are attractive targets for counterfeiters and brand pirates. Serial numbering alone is not enough to stop their illegal activities and to protect manufacturers and consumers from damage caused by pirated products. Cryptographic authentication methods are needed to make sure only genuine parts are used with the vehicle.
Mileage manipulations: Artificially lowering the mileage of a vehicle can inflate its value by several thousand dollars. The difficulty in ensuring that the digital mileage value stored in the memory is not tampered makes it impossible to assess the true value of second-hand cars, leading to a consistently high level of consumer mistrust.
Boot security: The integrity and authenticity of executing software shall be ensured otherwise the results can be catastrophic and may result in the non trusted sources taking control over the vehicle. A secure boot mechanism is a must have to authenticate the application before executing.
Building blocks for hardware security:
The scheme for enabling security in automotives is to embed security modules in MCU’s which are used in different ECU’s .These security modules contain several cryptographic keys. A basic examples of cryptography is that one modules uses one key let’s say key number N to encrypt the message and send it over CAN bus and the other MCU uses the same key to decrypt the message .There are several schemes to share the key between the two, diffie-hellman key exchange and other public key algorithms are some examples. The main components of a hardware security enabled automotive embedded systems are as follows:
Figure 1: Hardware-security-enabled automotive system architecture
Secure memory- the secure memory consists of ROM containing secret keys and unique identification numbers, RAM which acts also as key buffer and NVM flash memory (some KB) which contains the security application and data .To prevent unauthorized readout, manipulation, or deletion of critical information such as cryptographic keys, cryptographic certificates, or authentication data (such as CMAC’s and passwords) access protection via passwords and one time programmability (OTP) is utilized.
Cryptography- Following are some important cryptographic algorithms which are deployed based on different use cases:
symmetric cryptography: these includes less complex and fast Encryption and decryption algorithms(e.g. AES , DES) which protects against eavesdropping of communications by converting plain text to cipher text . They use a single secret key for both encryption and decryption.
Hash functions: These are completely public hash functions (SHA256, SHA1and MD5) which are algorithms used for message integrity check as they take arbitrary large input and give fixed length output called hash value. The main characteristic of a good hash function is that it is computationally difficult to reconstruct the input by knowing the stored hash value. Also minor changes in input must result completely different hash values.
Message authentication codes (MAC): These are used for both integrity and authenticity check. It takes a message and a secret key as input and produces a fixed-sized output which can be later on verified to match the message. The verification also requires the same secret key. This is in contrast to hash functions where everything is known and attackers are fighting against the mathematics. Some examples are CMAC, SHA1-HMAC, MD5-HMAC, UMAC, Poly1305-AES etc.
Public key cryptography: These are used for data origin verification and key exchange (e.g. by using digital signature algorithms such as RSA or ECC). The main feature of public key algorithms is that instead of using same key for both encryption and decryption, they use two separate but mathematically linked keys which are known as public and private key .The main advantage over symmetric key algorithms is that private key does not need to be shared so the chances that hacker can snoop the secret key and decrypt the massages are minimized .Another advantage is that public key enables the digital signature. For example in boot code verification the vendor can encrypt the software with a private key secured outside the MCU and if the code can be decrypted using vendor’s pubic key then it is ensured that the source is trusted. The main disadvantage is that public key algorithms have high computational requirements.
Secure functions- These are security functions other than cryptography ,This could be for instance, a physically protected clock signal with external synchronization for data time stamping or key expiry ,an internal random number generator, Secure boot and authenticated boot, or any critical application function such as Key management (e.g., key creation, agreement, import, export, status).
Control logic and interface- This implements the secure communication of security module with main core and memory by means of data buses and register programming interface. It also controls other building block of security module. It can be implemented via a state machine which is more cost effective and suitable for very high security applications with very short lifetimes. In this case cryptographic applications will need to be implemented at the application CPU level and changing state machine requires re-spin .Another approach is to use a secure processor which is a more scalable solution.
Tamper-protection-This maintains a continuous physical and logical boundary, which prevents that internal data and processes can be intercepted, copied/cloned, or manipulated yielding to non-authorized use or compromise of internal secrets. This cryptographic boundary is usually implemented with algorithmic and physical side-channel countermeasures and with dedicated tamper-protection measures (e.g., special shielding or coatings) to enable side-channel-resistance, tamper-evidence, tamper-resistance, or tamper-response.
Security features in automotives have come a long way since introduction of simple features like car alarms and keyless entry. The nature of the automobile industry and the increase in safety aware applications such as advanced driver assistance systems keep on introducing interesting security considerations. This paper gives a good detail of different security challenges and countermeasures to deal with them by focusing on both hardware and algorithmic level solutions.
M. Wolf, T. Gendrullis: Design, implementation, and evaluation of a vehicular hardware security module. In 14th International Conference on Information Security and Cryptology, Seoul, South Korea, November/December 2011
H. Schweppe, B. Weyl, Y. Roudier, M.S. Idrees, T. Gendrullis, M. Wolf: Securing car2X applications with effective hardware-software co-design for vehicular on-board networks. In 27th Joint VDI/VW Automotive Security Conference, Berlin, Germany, October 2011. VDI Berichte 2131
The EVITA Project. Homepage, Publication and Deliverable Documents online .http://www.evita-project.org/publications.html
H. Schweppe, Y. Roudier: Security issues in vehicular systems: Threats, emerging solutions and standards. In 5th Conference on Security in Network Architectures and Information Systems (SAR-SSI 2010), Menton, France, May 2010
Richard Soja, “Automotive Security: From Standards to Implementation”.
If you wish to download a copy of this white paper, click here