Hardware security modules: True security comes from within
Effective vehicle protection begins right in the ECU. Hardware security modules (HSMs) anchor security functions directly in the ECUs’ main processors. Combined with security software stacks, they prevent unauthorized access to in-vehicle communications and vehicle control.
IT security functions are physically encapsulated in hardware security modules, integrated chips that are designed especially for IT security applications. Several of today’s leading chip manufacturers such as Infineon, ST Microelectronics, Renesas, or NXP produce HSMs tailored for use in vehicles. With the help of their own processor cores, these HSMs provide all the main IT security functions required for automotive use cases: a 128-bit AES hardware accelerator, a true random number generator (TRNG) to generate key material, hardware-protected storage of cryptographic keys, flash and debugging functions, and the HSM’s own RAM that is separate from system memory.
Tailored security software
This kind of HSM does not truly “come to life” until activated by a secure software stack. If the HSM is the nucleus of vehicle IT security, then HSM security software is its genetic code. ESCRYPT provides this in the form of its CycurHSM security firmware, which is specifically tailored to automotive HSMs from a range of manufacturers. CycurHSM links the existing hardware security peripherals to the relevant HSM and host controller applications. The firmware also implements a comprehensive cryptographic library on the HSM, including symmetric and asymmetric encryption mechanisms and additional HSM-based security functions, and contains the AUTOSAR-compliant and non-AUTOSAR-compliant interfaces required to integrate HSMs into standard vehicle ECUs.
Multifunctional and easy to implement
Hardware security modules offer far more powerful features than purely software-based solutions. Since the HSM security functions are physically encapsulated, the ECU host controller can focus entirely on its own tasks. Combined with the HSM security software, this approach yields a turnkey solution with numerous advantages:
- A powerful hardware/software co-design platform for customer-specific applications with high-performance encryption requirements
- A standardized API to access the HSM
- Fully programmable – can be configured to meet specific needs thanks to its modular structure
- Multicore support
- Execution of customer-specific applications in supervisor or user mode
This feature set enables the HSM software stack to support a broad array of security use cases, the most important of which are secure booting, runtime manipulation detection, secure flashing, secure logging, and secure debugging.
New generation of HSM firmware
The development of HSM hardware and software is progressing rapidly, and an increasing number of microcontrollers for ECUs now come with an automotive-specific HSM as standard. Meanwhile, ESCRYPT is steadily improving its HSM software (CycurHSM). The latest generation of CycurHSM offers even more user-friendly and differentiated options for implementing customized IT security functions in ECUs. Thanks to the new HSM firmware, users can easily configure these functions via the applet manager and activate individual security features using the variant management system. The ASPICE-compliant software also comes with a flexible keystore architecture.
End-to-end protection is the name of the game when it comes to securing connected vehicles and their increasingly automated driving technologies. By anchoring IT security functions within the most fundamental components of digital vehicle functions – in other words, within the microprocessors of individual ECUs – hardware security modules play a key role.