Infineon Technologies AG and Elektrobit Automotive GmbH are teaming up long term to work closely together on the issue of cybersecurity for vehicles.
The companies are offering a hardware-software solution that is said to boost the performance of on-board communication and satisfies current and future security requirements.
It is based on the second generation of the multicore microcontroller family AURIX™ (TC3xx) from Infineon and, tailored to it, Elektrobit’s zentur HSM solution.
The microcontrollers from the AURIX family control communication processes, carry out monitoring and security tasks, and support security protocols in the vehicle.
Every TC3xx microcontroller now has an integrated hardware security module (HSM), where the keys are generated and stored securely.
The HSM uses hardware-based symmetric and asymmetric encryption algorithms as well as hash functions (AES-128, ECC 256, SHA2).
As a result, the HSM not only enhances protection against manipulation, but also ensures a significant increase in speed. Thanks to hardware support, hash calculation (SHA256) is around 150 times faster than with a pure software solution, claim the companies.
That has a direct impact on RSA signature verification – an advantage when there are large volumes of data, as in applications such as SOTA and autonomous driving.
The hardware-software combination – AURIX and EB’s zentur HSM – also enables more than 100 signature verifications per second (with ECDSA secp256r1, for example).
In a current software implementation of RSA signatures, verification can take several seconds – depending on the key length and size of the data.
“AURIX microcontrollers are key components in current and future vehicles,” says Thomas Böhm, Senior Director, Chassis & ADAS Microcontrollers at Infineon.
“The combination of AURIX and a coordinated software stack will ensure greater IT security in the vehicle and deliver a sharp increase in performance for system suppliers.”
The hardware-software solution is AUTOSAR-compliant with regard to the latest 4.3 stack and prior versions such as 4.2 and 4.0. That means it is easy to implement and integrate EB’s zentur HSM software in existing projects.
Secure Boot is the basis for all subsequent security functions. It is a time-critical function that demands a great deal of computing power, since the individual control units must log on to the network in a very short space of time.
When the systems are booted, the memory contents are checked for any manipulation. Thanks to the hardware-software solution, CMAC values of 62 MB/s are achieved.
Elektrobit’s software stack, which has been tuned specially to AURIX and the HSM, thus allows 1 MB of data to be checked in 16.2 ms. No other vendor in the industry achieves that performance, which is two-and-a-half-times the best value recorded to date, claims the company.
“The growing complexity of software and steadily increasing number of on-board systems and sensors that communicate with each other in a vehicle mean that efficient security mechanisms to prevent unauthorized external access are indispensable,” says Martin Schleicher, Executive Vice President Business Management at EB.
“Thanks to Infineon’s hardware know-how and our experience in developing software security solutions, we’ve jointly been able to create an ideal solution that protects control units reliably.”