With CycurHSM 2.x, automotive security provider ESCRYPT has developed a software stack that gives hardware security modules on ECU microcontrollers significantly more IT security functions than before. Enabling secure authorization procedures to be set up for automotive applications is just one feature of the new security software.
Today, hardware security modules (HSMs) are the means of choice for protecting vehicle networks against unauthorized access and manipulation. They work by physically encapsulating the IT security functions on the chip of the ECU, and they are activated and operated by means of a preinstalled HSM software stack that is tailored precisely to the application. HSMs offer a number of advantages, such as allowing the ECU’s host controller to devote its full power to its own tasks. HSMs also offer ECU manufacturers and automakers a powerful plug-and-play security solution that they can easily adapt to their own security requirements.
Manufacturer-specific HSM firmware variants
CycurHSM 2.x establishes a new generation of HSM software. ESCRYPT’s new security solution supports all typical use cases, including secure on-board communication, runtime manipulation detection, and secure booting, flashing, logging, and debugging. But that’s not all. It also offers a multitude of new functionalities and possibilities. For example, it can be used to set up secure communication channels (e.g. TLS) using key exchange protocols based on elliptic curve cryptography. CycurHSM 2.x also provides point-to-point (ECDH) and point-to-multipoint (ECBD) protocols, and the security software supports X.509v3 certificates and thus the creation of trust chains. In conjunction with its trusted boot function, CycurHSM 2.x enables secure authorization of automotive applications such as secure diagnostics.
CycurHSM 2.x is available for current microcontrollers from Infineon, STMicroelectronics, and Renesas. The security software, which is already being installed on vehicle platforms for major automotive manufacturers in large-scale production, is generally geared towards securing advanced electrical system architectures featuring microprocessors equipped with HSMs. Working in cooperation with the OEMs, ESCRYPT also supplies variants of CycurHSM 2.x that are tailored specifically to the requirements and specifications of the individual manufacturer.