Automotive cybersecurity begins with secure ASIC, FPGA and SoC hardware

January 28, 2020 //By Dr. Jason Oberg
cybersecurity
Is your vehicle secure? Tesla found out the hard way. Hacking typically begins by finding a series of vulnerability issues that create a path through the car’s maze of defenses.

So, when researchers at the Chinese firm Tencent revealed they could burrow through the Wi-Fi connection of a Tesla S, all the way to its driving systems and then remotely activate the vehicle's brakes, they exposed not one but a chain of security issues. Security vulnerabilities can be introduced throughout the design lifecycle starting at the architectural level, where fundamental flaws in the security architecture, such as storing implicitly trusted boot code in unprotected writable SPI Flash can open systems to attack.

A flawed microarchitectural design decision can also open hardware to vulnerabilities (ex. Meltdown and Foreshadow). Vulnerabilities can also be introduced during RTL design, such as unintentional backdoors in test and debug circuitry, as well as errors in configuration and usage of hardware by low-level firmware and software.

Commonly employed security verification techniques, which include manual design and code review, formal verification, and simulation-based functional verification are important as part of a larger verification strategy but do not provide a unified scalable methodology which can be applied during all stages of the pre-silicon design lifecycle.

Automotive security development lifecycle

The trend of rooting security into hardware is growing rapidly. In a 2015 survey from the Global Semiconductor Alliance (GSA) and McKinsey, semiconductor executives listed security as the top priority for the Internet of Things (IoT) with a large emphasis on automotive. This same survey also listed endpoints and chips some of the most vulnerable attack points in a modern car.

Functional safety has long been a primary deign concern for OEMs and their suppliers. However, now with the connected and autonomous vehicles, cybersecurity poses additional design challenges. The auto industry’s upcoming standard ISO/SAE 21434 is intended to drive security activities and process at all phases of the vehicle life cycle. The goal is to keep people and information safe. This new standard will be based, in part, on the existing Auto-ISAC (Automotive Information Sharing and Analysis Center) best practice guide.


Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.