Fast, secure file systems for autonomous vehicles from Tuxera

The amount of data generated by connected cars is rapidly growing to over 300 TB per year. At the same time, automotive systems are increasingly exposed to the connectivity needed to make cars smarter and more autonomous. And where there’s connectivity, there’s generally a way to gain access to all that data.

Whenever private, potentially sensitive data is handled, security measures must be in place to protect it from malicious attacks. Especially when several people use the same car—think car sharing, lending, or rentals—securing information such as your contacts, web browsing history, or credit card information is essential. So it makes sense that the software and hardware handling the storage of this information should have features that allow only authorized access to that data. 

How is data inside cars handled and stored?

File systems manage the data that goes to various storage devices inside connected cars. Just like what happens in your computer, file systems organize data into files, making it easy for applications to find stored data. But they also play an important role in storage read and write performance, flash endurance, data and storage interoperability, and especially data integrity, which includes security. For a file system, security means ensuring that the data it handles is not misused and/or altered by unwanted parties. One security measure that can be implemented at the file-system level is encryption.

What is file system encryption?

Encryption is commonly used to prevent unintended access to information. Generally speaking, encryption works by encoding information in a way that only authorized parties with the right “key” can gain access to it. The file system can implement encryption in different ways, each having some effect on CPU performance and processing speed. During the encryption process, factors that play a role in CPU usage and efficiency are 1) the cryptographic algorithm, and 2) the encryption implementation itself.

  1. Cryptographic algorithms can be categorized as symmetric or asymmetric. Symmetric algorithms, unlike asymmetric ones, use the same secret key for both encryption and decryption. Their primary advantage is efficiency and fast execution speed.
  2. Encryption implementations include stream and block ciphers. Stream ciphers encrypt data in small units, a bit or a byte at a time, so they are generally faster than block ciphers, which encrypt data in larger fixed-size blocks.

How do file systems handle encryption?

Encryption can be run through software, hardware, or a combination of both. In any case, some sort of software execution is needed. A file system can perform software-based encryption on files or directories. As an example, Tuxera Flash File System encrypts file data, file names, and symbolic links (a type of file that contains references to other files or directories). We chose the AES-256 encryption algorithm for Tuxera Flash File System—or Advanced Encryption Standard (AES) with a 256-bit key. This option has several advantages: 

  1. AES in general is one of the most accepted encryption standards, meaning it is a fitting choice for use in automotive software.
  2. AES is a symmetric cryptographic algorithm, so it generally needs less CPU time to execute.
  3. The mathematical strength of a 256-bit key makes it virtually impossible to hack by attacking the algorithm itself. This means it’s a great choice for very sensitive files stored in today’s smart cars. 

However, there is a potential cost for using such a strong encryption method. The AES algorithm is very fast and efficient, despite its status as a block cipher. But a key as long as 256 bits requires more computational power. This could potentially drag down the CPU running the encryption algorithm.

How can hardware-accelerated encryption increase performance?

In cases where performance is a concern, or when a customer has a specific requirement, the hardware can instead be used to accelerate the cryptographic algorithms. Benchmarks show that hardware-based encryption acceleration could be anywhere from a couple to several orders of magnitude faster than a purely software-based equivalent. In addition, research indicates that hardware-accelerated encryption makes it even less likely that an attacker can access the data.

That’s where Arm fits nicely into the picture. When our customers use processors with Armv8 architecture, we can configure our file system to use the Armv8 Cryptography Extensions. The Cryptography Extensions are special CPU instructions that give the software a sizable performance boost from the hardware to execute the process. In this way, the file system can keep the required level of read-write performance and provide rock-solid security measures to protect the data saved to the storage.
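Before configuring storage software to rely on the Cryptography Extensions, it is worth confirming that the Linux target actually advertises them. The following is an added example, not Tuxera or Arm code: it reads /proc/cpuinfo-style text and lists which of the aes, pmull, sha1 and sha2 feature flags are missing. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: check /proc/cpuinfo-style text for the Armv8 Cryptography
# Extension flags that Linux reports on arm64: aes, pmull, sha1, sha2.

# Reads cpuinfo text on stdin. Prints the required flags that at least one
# "Features" line lacks (empty output = all present), or "unknown" when no
# "Features" line exists at all (for example on a non-Arm host).
missing_crypto_flags() {
    awk -F: '
        BEGIN { n = split("aes pmull sha1 sha2", want, " ") }
        $1 ~ /^Features[ \t]*$/ {
            cores++
            split("", seen)                      # clear the per-line flag set
            m = split($2, have, " ")
            for (i = 1; i <= m; i++) seen[have[i]] = 1
            for (j = 1; j <= n; j++)
                if (!(want[j] in seen)) lacking[want[j]] = 1
        }
        END {
            if (cores == 0) { print "unknown"; exit }
            out = ""
            for (j = 1; j <= n; j++)
                if (want[j] in lacking) out = out (out == "" ? "" : " ") want[j]
            print out
        }
    '
}

# Succeeds only when every Features line lists all four flags.
has_crypto_ext() {
    [ -z "$(missing_crypto_flags)" ]
}

# Constructed sample inputs (not captured from real devices).
SAMPLE_WITH='processor       : 0
Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32
processor       : 1
Features        : fp asimd evtstrm aes pmull sha1 sha2 crc32'
SAMPLE_WITHOUT='processor       : 0
Features        : fp asimd evtstrm crc32 cpuid'
SAMPLE_PARTIAL='processor       : 0
Features        : fp asimd aes pmull crc32'

# On a real target, run the check against the live file.
if [ -r /proc/cpuinfo ]; then
    echo "missing on this host: $(missing_crypto_flags < /proc/cpuinfo)"
fi
```

A result of "unknown" or a non-empty list means AES-256 would run in software on that device, which is the case where the CPU cost described above applies.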

Although we’re unable to disclose any specific information about customer benchmarks, this is something we’re testing in our own R&D lab. However, some informal results online suggest that the Armv8 Cryptography Extensions do make an impact. One developer reports a speed boost of nearly 18 times with the hardware extensions enabled. When performance and safety are both critical requirements—which is increasingly the case in automotive applications—using hardware-based encryption acceleration may be worth the effort in implementation.

As we reach new levels of autonomy, the amount of data being generated, stored, and transmitted over wireless connections will only increase. At the same time, more critical systems within the car are becoming connected with each other and the outside world, bringing new challenges on how we keep data protected and vehicles secure. Tuxera’s file system encryption technology provides an effective solution to these security challenges, helping to enable the next generation of autonomous vehicles.

Visit Tuxera’s website to learn more about their file system software: Tuxera website.
