Production Key Server: “Digital immunization” for ECUs
IT security for connected vehicles starts with the electronic control unit, or ECU. This is where the cryptographic key material must be stored to enable the secure transfer of data. ESCRYPT has developed a security solution that equips vehicle ECUs with the automaker’s OEM-specific key material during the production process. The smart combination of efficient key management and a Production Key Server is now used all around the world.
When it comes to protecting against hacker attacks, vehicle ECUs quite literally play a key role. Cryptographic keys enable ECUs to authenticate themselves and to legitimize the exchange of data both within the vehicle’s electrical system and externally. Implementing this solution is particularly challenging, however, since the ECUs for the various vehicle platforms must first be provided with the OEM-specific key material and certificates – ideally during the ECU manufacturer’s production process.
ESCRYPT’s integrated key distribution and integration solution
As a specialist in automotive security, ESCRYPT offers a security solution consisting of a key management system (KMS) and a Production Key Server (PKS) that can be seamlessly integrated into existing plant infrastructures. First, data packets containing the OEM-specific key material provided by the respective automaker are uploaded to the KMS. The key material is stored centrally, secured, and distributed as needed to the various production sites, where it is stored on the Production Key Servers. Connected end-of-line testers then call up the individual key packets from the PKS in the plant and “inject” them into the individual ECUs during production in a kind of “digital immunization” process. Finally, depending on the application, the production verification files are sent from the PKS back to the OEM via the central KMS backend. In this way, car manufacturers can be certain that their key material data has been correctly assigned to the vehicle ECUs.
Secure key storage without a permanent internet connection
One major advantage of this solution is the symbiosis of security and availability: the Production Key Servers are only occasionally in contact with the backend – to synchronize the data, perform any updates, and create sufficient buffers of cryptographic data. In other words, they do not require a permanent stable internet connection and are thus largely immune to potential online attacks. At the same time, decentralized storage of the keys in the plant ensures that there is always enough key material to equip the ECUs with, avoiding production downtime.
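The flow described above (key packets buffered on the plant server, one packet per ECU, verification records returned to the OEM) as an added sketch that is not ESCRYPT's code. The class and function names, the record fields, the HMAC-protected record format and the sample identifiers are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: verification records carry an HMAC under a key shared with the
# OEM backend; the page does not describe the real file format.
REPORT_KEY = b"constructed-demo-report-key"  # constructed sample value

def make_record(ecu_serial, packet_id):
    msg = f"{ecu_serial}|{packet_id}".encode()
    tag = hmac.new(REPORT_KEY, msg, hashlib.sha256).hexdigest()
    return {"ecu": ecu_serial, "packet": packet_id, "tag": tag}

class ProductionKeyServer:
    """Hypothetical plant-side buffer of key packets synced from the KMS."""
    def __init__(self, packets, low_watermark=1):
        self.buffer = list(packets)      # packet ids not yet injected
        self.low_watermark = low_watermark
        self.assigned = {}               # ecu_serial -> packet_id

    def needs_refill(self):
        # Evaluated at each backend sync so production never runs dry offline.
        return len(self.buffer) <= self.low_watermark

    def issue(self, ecu_serial):
        """Hand one packet to an end-of-line tester; each packet is used once."""
        if ecu_serial in self.assigned:
            raise ValueError(f"ECU {ecu_serial} already provisioned")
        if not self.buffer:
            raise RuntimeError("key buffer empty; sync with KMS required")
        packet_id = self.buffer.pop(0)
        self.assigned[ecu_serial] = packet_id
        return packet_id, make_record(ecu_serial, packet_id)

def reconcile(records, delivered_packets):
    """OEM-side check of verification records against the packets it delivered."""
    seen, problems = {}, []
    for r in records:
        expected = make_record(r["ecu"], r["packet"])["tag"]
        if not hmac.compare_digest(expected, r["tag"]):
            problems.append(("bad_tag", r["ecu"]))
        elif r["packet"] not in delivered_packets:
            problems.append(("unknown_packet", r["packet"]))
        elif r["packet"] in seen:
            problems.append(("reused_packet", r["packet"]))
        else:
            seen[r["packet"]] = r["ecu"]
    return seen, problems
```

Records that fail the tag check, name a packet the OEM never delivered, or reuse a packet already bound to another ECU are reported instead of being accepted as valid assignments.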
Numerous ECU production plants worldwide already use this process of incorporating key material for various automotive manufacturers, and for good reason. The secure and precise parameterization of vehicle ECUs with cryptographic keys ultimately forms the basis of almost all other vehicle cyber security features.