Architecting Secure Automotive Systems

Security concerns for all connected devices have moved to the top of the agenda for manufacturers, but in the automotive sector, where safety is paramount and large financial liabilities exist, robust security is imperative. Arm is playing its part by driving technologies that lower the cost of implementing effective security standards.

Automotive software standards, such as AUTOSAR, have paved the way for major developments in the functional complexity of Electronic Control Units (ECUs). As a result, the industry has seen a rapid and widespread increase in the implementation of these ECUs. This deployment has facilitated the growth of functions based on vehicle-to-infrastructure and vehicle-to-vehicle communications such as e-Toll, tachographic, odometric and advanced driver assistance systems. As a result, major improvements in the efficiency and operational performance of vehicles are possible that support the creation of intelligent transportation networks.

The evolving complexity and mass deployment of ECUs has, however, enlarged the attack surface of each vehicle, while increased connectivity has made exploits scalable across fleets. This rise in vulnerability has prompted the industry to reassess the security specifications of embedded microcontrollers. Robust security measures can be expensive; however, the real question to ask is ‘How much does insecurity cost?’ The lack of appropriate security jeopardises confidentiality and safety (both individual and fleet-wide), while exposing companies to reputational risk and institutional liability.

The European Commission-funded project E-safety Vehicle Intrusion proTected Applications (EVITA) offers an architectural framework to meet the security requirements of automotive ECUs. To determine these requirements, EVITA evaluated a set of use cases, assets, threats and attack methods relevant to automotive systems. Building on the Trusted Platform Module (TPM) specification for secure cryptographic processors, EVITA specified the design and use of Hardware Security Modules (HSMs) to act as trusted subsystems within ECU system-on-chips. This specification describes how an HSM can provide security benefits to a network of ECUs within a vehicle.

An HSM can provide root-of-trust functions to an ECU in many use cases, including proving the identity of the ECU, securing communications between ECUs, reporting (attesting) the identity of the software executing on the ECU, and the remote deployment of maintenance updates. The adoption of secure, EVITA-based architectures allows a standardised security approach across a range of ECUs deployed throughout vehicle families. A common HSM architecture, reused across multiple ECU applications, can achieve considerable improvements in time to market and development costs.

In the white paper 'Architecting Secure Automotive Systems – Arm Technology for next generation vehicular microcontrollers', Andrew Jones, Security System Architect, discusses how Arm technologies such as TrustZone CryptoCell can be used to design low-cost ECUs for medium or full EVITA HSM profiles, based on both Cortex-M and Cortex-R processors.

Download White Paper: Architecting Secure Automotive Systems