The Hidden Security Risks of Automotive Electronic Systems
May 12, 2021
The Internet of things (IoT) is driving new capabilities that are transforming how we live, work, and play.
However, as our lives become more connected, the risk from hackers and other security breaches increases with every new IoT device. While most of us are well versed in why we need to keep our most trusted devices secure – such as cell phones and laptops – we often don’t think about the connected intelligence that now powers our cars. The truth is, these systems are ripe for security breaches. Just look at the Tesla Model 3, one of the most intelligent cars on the market. Back in March 2019, hackers targeted this car’s infotainment system and, by using a JIT bug in the renderer, were able to take control of the system. Granted, this was part of a hacking event, so it posed no risk to the owner, but it did expose a gaping hole in the security of automotive electronic systems. If autos are going to continue to become more intelligent and connected to the world’s growing IoT infrastructure, this weakness must be addressed and solved.
Applications are Driving The Need for More Security and Safety
Automobile electronic systems are steadily becoming more intelligent. As the figure below illustrates, advanced electronic functionality is being added throughout the vehicle such as ADAS, Gateway, Power Train, Infotainment, V2V, and V2X. These new capabilities are driving the need for increased security and safety, particularly around the flash memory that has become a key component of these systems. Flash memory has been around for decades and it has evolved to now serve the automotive market. The problem, however, is that current embedded flash solutions pose significant security risks because they are based on legacy technology and architectures that don’t have the proper certification to guarantee both security and safety.
In automotive systems, safety and security are fundamental requirements to guarantee a tolerable level of risk, as defined by the ISO 26262 standard. These risks are managed by car manufacturers and subsystem providers but with an increasing complexity of vehicle electronics, the functional safety is now also the responsibility of IC manufacturers including the flash memory that stores critical code and data.
Security in automobiles is all about hiding information and encrypting everything to prevent leakage via sophisticated mechanisms such as side-channel attacks. Data stored in the flash array must be scrambled and encrypted, and the communication channel must be strongly encrypted. Safety in automobile systems, by contrast, is about 100% observability, error detection, and maximum disclosure of information. Data should be validated, and testing should guarantee a very high quality level at ~0 DPPM. In addition, defect analysis should allow quality improvement and fault root-cause detection.
Questions Auto Manufacturers Must Ask
It is imperative that automobile manufacturers and makers of auto electronic systems ask the tough questions now – and not after a security breach has occurred in a real-life situation. Auto manufacturers have a choice in the type of flash technology they adopt, and that decision will play a key role in protecting or exposing the vehicle once it’s on the road and in the hands of consumers. Thus, before you decide which flash product to trust for your security and safety, ask the following key questions:
- Is the flash technology CC EAL5+ certified, and at what level? A secure solution is not truly secured and trusted without certification. CC EAL5+ certification means that the flash memory meets the highest security requirements for any automotive application, including V2V and V2X. With this type of security, the architecture can detect even the smallest unauthorized change in data and immediately report it to the host. The stored data is protected from any unauthorized modification, whether intentional or due to a fault. Any such modification is immediately reported to the host, and the reporting mechanism cannot be blocked. The flash array should also be protected by an extra layer of CRC-based detection code. The flash logic incorporates sophisticated circuitry for detecting any wrong state. The SPI interface protocol adds a layer of both encryption and error detection, making it both secure and safe from errors.
- Is the fab that manufactures your flash solution ISO 26262 certified for safety? ISO 26262, the Functional Safety Standard released in 2011, is a certification indicator used to verify whether automotive electronic suppliers meet ASIL (Automotive Safety Integrity Level) requirements. ISO 26262 automotive safety certification covers management of functional safety, the concept phase, system-level, hardware-level, and software-level design and verification, manufacturing, operation, maintenance, and decommissioning for the entire product life cycle. ASIL-D of ISO 26262 represents the highest level of risk management, so components or systems developed for ASIL-D are made to the most stringent safety requirements. Flash devices, which store the code for critical car functions, should meet high safety requirements and reduce safety risks by providing highly reliable code storage.
- Is your security implementation upgradeable and programmable? What is your root of trust (RoT) implementation? Does your solution have platform resiliency? It is imperative for secure solutions to have a level of platform resiliency so that they can evolve and adapt over time to protect the system from breaches. With traditional ROM or embedded flash approaches that use MCUs and SoCs, a software implementation is used whereby the root of trust code is stored in ROM. These systems lack upgradability and have no resiliency against future attacks. In contrast, the more modern approaches are based on an MCU/SoC paired with programmable secured flash. These solutions use an implementation based on software and hardened hardware, which allows the RoT to be programmable and upgradeable. This type of programmable hardware-based RoT can be continuously updated to contend with an ever-increasing range of threats and provide platform resiliency.
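The first question above describes two distinct mechanisms: a CRC layer that catches data that no longer matches what was written (a safety property, aimed at random faults), and an authentication step that catches modifications nobody with the device's key produced (a security property), with every read reporting its result to the host through a path the host cannot suppress. The following Python model, added here as an illustration and not Winbond's code or any product's actual design, shows why both layers are needed: a keyless CRC can be recomputed by anyone with raw write access, so only a keyed MAC distinguishes a deliberate rewrite from a fault. The page size, device key, addresses and page contents are all constructed sample values.

```python
"""Toy model of a self-checking flash page store (added example, not a real product)."""
import hashlib
import hmac
import zlib
from dataclasses import dataclass

PAGE_SIZE = 16                                           # constructed toy page size
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"   # placeholder, not a real key


@dataclass
class Page:
    data: bytes
    crc: int      # CRC-32 over data: the keyless "extra layer" that catches bit errors
    mac: bytes    # HMAC-SHA256 over (address || data): only the key holder can produce it


@dataclass
class ReadResult:
    data: bytes
    status: str   # "OK", "FAULT" (CRC mismatch) or "TAMPER" (CRC fine, MAC mismatch)


class SecuredFlash:
    """Every read is verified inside the store and the verdict is logged unconditionally."""

    def __init__(self, key: bytes = DEVICE_KEY):
        self._key = key
        self._pages: dict[int, Page] = {}
        self.reports: list[tuple[int, str]] = []   # append-only log; the host cannot disable it

    def _mac(self, addr: int, data: bytes) -> bytes:
        # Binding the address into the MAC means a genuine page copied to another
        # address does not pass as authentic there.
        return hmac.new(self._key, addr.to_bytes(4, "big") + data, hashlib.sha256).digest()

    def program(self, addr: int, data: bytes) -> None:
        """Authorised write path: CRC and MAC are computed alongside the data."""
        if len(data) != PAGE_SIZE:
            raise ValueError(f"page must be exactly {PAGE_SIZE} bytes")
        self._pages[addr] = Page(data, zlib.crc32(data), self._mac(addr, data))

    def read(self, addr: int) -> ReadResult:
        """Verify CRC first (is the data what was written?), then MAC (was it written by us?)."""
        page = self._pages[addr]
        if zlib.crc32(page.data) != page.crc:
            status = "FAULT"     # bits differ from what was stored: random fault or crude rewrite
        elif not hmac.compare_digest(page.mac, self._mac(addr, page.data)):
            status = "TAMPER"    # internally consistent page that nobody holding the key produced
        else:
            status = "OK"
        if status != "OK":
            self.reports.append((addr, status))
        return ReadResult(page.data, status)

    # Fault and attack models acting on the raw array, bypassing program().
    def inject_bit_flip(self, addr: int, byte_index: int, bit: int) -> None:
        """Retention fault: one bit changes, CRC and MAC stay as they were."""
        p = self._pages[addr]
        raw = bytearray(p.data)
        raw[byte_index] ^= 1 << bit
        p.data = bytes(raw)

    def inject_tamper(self, addr: int, new_data: bytes) -> None:
        """Deliberate rewrite with raw write access: the CRC is keyless and can be
        recomputed, but the MAC cannot be recomputed without the device key."""
        p = self._pages[addr]
        p.data, p.crc = new_data, zlib.crc32(new_data)

    def inject_replay(self, src: int, dst: int) -> None:
        """Copy a genuine page (data, CRC and MAC) to a different address."""
        s = self._pages[src]
        self._pages[dst] = Page(s.data, s.crc, s.mac)


def demo() -> list[str]:
    """Run the scenarios and return the status the host sees for each read."""
    flash = SecuredFlash()
    flash.program(0x100, b"boot-code-page-0")          # constructed sample pages
    flash.program(0x200, b"boot-code-page-1")
    out = [flash.read(0x100).status]                   # untouched page -> OK

    flash.inject_bit_flip(0x100, 3, 0)                 # single-bit fault -> FAULT
    out.append(flash.read(0x100).status)

    flash.inject_tamper(0x200, b"EVIL-code-page-1")    # CRC forged, MAC not -> TAMPER
    out.append(flash.read(0x200).status)

    flash.program(0x100, b"boot-code-page-0")          # restore, then replay to 0x300
    flash.inject_replay(0x100, 0x300)
    out.append(flash.read(0x300).status)               # address-bound MAC fails -> TAMPER
    return out


if __name__ == "__main__":
    print(demo())   # ['OK', 'FAULT', 'TAMPER', 'TAMPER']
```

The ordering of the checks is deliberate: a CRC mismatch is reported as a fault because the data is simply not what was written, while a page whose CRC is valid but whose MAC is not can only have been produced by someone who rewrote the page and recomputed the keyless CRC. The `reports` list stands in for the non-blockable reporting mechanism described above: it is appended to inside `read()` itself, so the host receives the verdict whether or not it asked for it.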
Clearly, a more modern approach to flash memory is needed in automobile systems for all the reasons highlighted above, and more. Unlike some of the older flash technology on the market, new technology is needed that can enable code and data to be transferred between a secured area and the SoC or MCU over a cryptographically secured standard SPI bus. In the future, it is likely that these more secure flash solutions will become a requirement for meeting security guidelines and standards, particularly since cyberattacks are becoming more pervasive and sophisticated. Regulations are likely to also become more stringent, which will further elevate the importance of security and functional safety in automotive applications.
The Future Car
Electronics play a vital role in almost every part of the vehicle today, from the body to the powertrain to the infotainment system. As consumers demand more innovation in advanced safety, security, infotainment, comfort and convenience features, and as federal fuel economy standards keep increasing, next-generation vehicles will have an even greater number of electronic components. This will make it increasingly important that core technology, such as the flash memory, meets the highest security and safety standards. Threats from hackers have become increasingly sophisticated, and this is going to require semiconductor manufacturers to develop more modern approaches that can thwart these attacks quickly and effectively. When it comes to your automobile, safety and security are definitely not something you want to skimp on.
Adrian Cosoroaba serves as Technical Marketing Manager for Secured Memory Products and has been with the Winbond group since 2010. He brings to Winbond over 25 years of semiconductor experience in memory applications and marketing. He holds an M.S. in Electrical Engineering from Ohio State University and a B.S. in Engineering Physics from University of California at Berkeley.