The Automotive industry is undergoing a revolution. Electrification of vehicles and autonomous driving are pushing forward an already big demand on embedded electronics for the automotive industry. This technological boom translates into more electronic devices into the cars, replacing a multiplicity of functions by their electronics counterpart.
This tendency to replace functions formerly ensured by e.g. mechanical or pneumatic means by electrical means is often called X-by-wire. Since those electronic implementations now tend to replace even the most critical vehicle functions, an eventual malfunction may have catastrophic consequences, even threatening human lives.
Consequently, the safety requirements associated to those electronics devices have drastically increased. This resulted in the standardization of functional safety approach described in the ISO 26262 series.
The ASIL scale is defined in this ISO 26262 series. The amount of risks a device is exposed to is quoted on this scale by evaluating the exposure, likelihood and severity and ranking it on a scale from ASIL A (low risk) to ASIL D (high risk). This level defines the safety level the device must attain.
The measures to put in place for each ASIL level must be evaluated and adapted to the context of each device, and a one-recipe-fits-them-all strategy is likely to lead to difficulties and promises tough adaptation times.
To maintain risk as low as possible, two types of failures must be analysed and reduced down to acceptable levels: systematic failures, when one specific cause will always lead to a failure, and random hardware failures, when unpredictable events may lead to various failure modes.
The systematic failure prevention takes the developer through cautious development and code analysis in order to detect as much failure modes as possible, using for example failure analysis methods.
The random hardware failure prevention implies reducing the probability of hardware faults through the usage of hardened hardware and mechanisms that prevents those failures or their propagation in the system up to a point where it may lead to a disaster.
Those two safety aspects also come with the need for security: imagine if someone changes the program of the car, initially for e.g. better performances, and leads to an unsafe state, with added risks. Worse, what would happen if a malicious person manipulates the embedded software to steal the car, for blackmailing purpose, or with other bad intentions.
Secure-IC and Securyzr to reach up to ASIL D level:
This is why the need for safety always leads to embed security features. The first required functions being integrity and authenticity insurance, quickly completed by cyphering, secure boot, secure update, and more…
Secure-IC, the Security Science Company, is a well-known specialist in embedded security and accompanies its clients through their whole ISO 26262 development cycle throughout a unique “PESC” approach: Protect, Evaluate, Service and Certify. Through this approach, Secure-IC is able to accompany its clients from the specification phase up to the certification support and through supply of security IPs.
Even if those IPs may be supplied as standalone, the best approach is to use an integrated Secure Element, such as Secure-IC’s Securyzr, providing all the security features.
Securyzr development methodology meets the highest security standards, including code analysis with dedicated tools, design coverage and test coverage analysis. This methodology comes in pair with full support to safety documentation relative to ASIL risk analysis, FMEDA or FMEA failure mode analysis.
Securyzr ready for ASIL D:
Securyzr is a fully integrated yet fully customisable safe and secure integrated Secure Element: it is tailor-made and adapted to every client and every context. Depending on the requirements, Secure-IC’s Securyzr may embed a complete set of countermeasures in order to raise the safety level and prevent random hardware failures:
- CPU embedded in the Securyzr may embed lockstep to prevent from random error or fault injections. Additionally, Secure-IC partners with an ASIL D CPU supplier and may embed this CPU for additional safety.
- Memories embedded in the Securyzr may embed error corrections codes (ECC or EDC), and may support read-after-write function to detect any writing error
- Securyzr is protected against failures originated from environmental changes and adverse conditions using internal digital sensors
- Spatial or temporal redundancy may be implemented
- Watch dogs and timers may be implemented in the Securyzr to prevent abnormal execution times
- Finally, all of our IPs embed self-tests to ensure at boot time and/or on a regular basis that it functions normally.
The full integration of all those security functions simplifies the certification process since it may allow for independent certifications of the security subsystem and the host system.
Being both integrated and custom ensure a perfect fit to client needs at no extra complexity.
Secure-IC tools and services for ASIL projects success:
Securyzr also comes with a tailor-made, hand-in-hand support to certifications, including close follow up and full documentation support for both security and safety certifications success. Securyzr has already been successfully deployed in several automotive projects, including ADAS, V2X communications, gateway or infotainment applications.
Other areas where Secure-IC can be instrumental in security standards are examples such as ISO/SAE 21434, the future Car-2-Car PP and EVITA. Those support to certification services are part of our dedicated Expertyzr product line, and may be completed by preliminary support services. To be in phase with the ISO 26262 workflow where the safety need has to be taken into account from the very beginning of the project, we propose support services starting as early as the project definition phase, trainings to make your team gain autonomy on those topics and advanced embedded security watches, provided via The Security Science Factory.
Those IPs and services offers are completed by internally developed tools, Analyzr, Catalyzr and Virtualyzr, that are used by Secure-IC to make sure that the potential consequences of random hardware failure or environment-induced faults are contained. Those tools may also be provided either to be used in-house for an evaluation being carried out at each important development step, or through an Evaluation as a Service plan where Secure-IC’s team carries out the evaluation.
With this complete portfolio of IPs, services and tools, your security and safety needs will encounter their solutions at Secure-IC.
Secure-IC website: www.secure-ic.com
For more information on this topic, you can reach the Secure-C team here: https://www.secure-ic.com/please-get-in-touch/