A brief discussion on automobile safety and security

The automotive industry is undergoing significant technological change as cars become more dependent on electronic devices.

The electrification of automobiles, the development of driver assistance systems, and the rise of autonomous driving are all driving the increasing demand for embedded electronics.

Generally speaking, a car contains more than 80 electronic control units (ECUs, which control the entire electronic subsystem and drive many electronic devices). With the development of vehicle-to-everything (V2X), electronic substitution and driving automation, this number will continue to expand.

Figure 1 ECU

Among the subsystems driven by the ECU, components that perform critical functions require a high level of safety and security. While in-vehicle infotainment systems primarily require content protection (which relies on strong encryption and authentication capabilities), X-by-wire and autonomous control systems require more advanced safety and security features.

In recent years, a number of attacks on manufacturers' automotive computer systems have sounded the alarm for automotive safety.

Vehicle safety requirements

With the innovation of the next generation of automobiles (connectivity to external networks, increased automation and the development of autonomous driving, etc.), security and confidentiality have become the most critical issues and major concerns in today's automotive engineering.

On the one hand, vehicle safety (or functional safety) is an important factor in ensuring the personal safety of drivers, passengers and other road users. Safety systems in vehicles are divided into active and passive types. Active safety systems include brake assist, anti-lock braking system (ABS), electronic stability control, collision warning, and passive safety systems include seat belts, airbags, and fuel tank position.

Confidentiality, on the other hand, refers to the level of protection from external threats. It refers to all measures taken to protect systems and data from attacks. Security systems include alarms, remote keyless entry, centralized locking systems, immobilizers, etc.

Security and confidentiality are inseparable. In order to prevent adverse events such as failures and data theft, a high level of security and confidentiality is required.

Standards in the automotive industry describe the legal requirements for guaranteeing product reliability and compliance with the required security level. ISO 26262 security and Evita, ISO 21434 or common standards with V2X security protection profiles guide product designers to ensure security throughout the hardware/software development lifecycle. Higher-level services such as TLS and IPSEC are also increasingly used for communication between different ECUs and between ECUs and the outside world.

While risk awareness can be an effective way to ensure security and confidentiality, certification is the only way to ensure the required level of security.

How does Secure-IC prevent cybersecurity threats in cars and solve safety issues?

Secure-IC is very active in the field of automotive security. In addition to multiple projects around the world, Secure-IC is an active contributor to automotive cybersecurity standards such as ISO21434.

To achieve security and confidentiality, Secure-IC offers the SecuryzrTM integrated secure element (iSE). This security subsystem is called HSM (Hardware Security Module) and is adapted and integrated within the SoC (System on Chip) within various ECUs.

It contains various security functions such as encryption, authentication, random number generation, physically unclonable functions, and has only one secure interface connected to the rest of the chip.

This approach is unique worldwide and offers huge advantages. Due to the hardware separation, the attack surface is greatly reduced compared to the classic approach of providing side-by-side IP blocks, and the unified interface simplifies the use of integrated services through a unique API. In terms of design, this fully integrated solution reduces system design time and can simplify certification procedures, as key functions are independent of the rest of the design.

Safety elements can also embed safety functions that meet ASIL standards.

SecuryzrTM solutions are developed according to rigorous specifications and design principles, using proven EDA tools and undergoing extensive security and confidentiality assessments throughout the design cycle.

It provides a powerful weapon to prevent hardware failures and guard against security risks.

SecuryzrTM and all its embedded functions can protect against potential physical attacks, namely fault injection attacks (FIA) and side channel attacks (SCA). The IP has been thoroughly tested during the development process, and its resistance to physical attacks and fault protection is fully guaranteed.

All IPs provided by Secure-IC have self-tests embedded to ensure normal operation at startup and that there are no ongoing attacks. The IPs can detect environmental changes and adverse conditions through internal digital sensors.

SecuryzrTM can embed multiple safety measures such as lockstep CPU, error correction code, watchdog, etc. With its flexibility, integration and high level of security and confidentiality, it can ensure that automotive equipment has the best safety level, meets ASIL-D safety level and meets target certification requirements.