Security development kit

Securing CAN frame authentication

Published 2018-08-08

The mass adoption of modern conveniences in automobiles, such as infotainment and Advanced Driver Assistance Systems (ADAS), has enhanced the experience of everyday travel.

The security development kit also enables the implementation of functions such as secure boot (Photo: Microchip)

At the same time, the addition of these consumer amenities has added numerous entry points for hackers. This exposure can lead, and has led, to recalls, loss of revenue, and tarnished brand reputations across the automotive industry. The question for Original Equipment Manufacturers (OEMs) and Tier 1 suppliers is no longer whether vehicle networks need security, but how to implement this security practically and without a costly complete design overhaul.

The Crypto-Automotive In-Vehicle Network (IVN) TrustAnchor/Border Security Device (TA/BSD) development kit from Microchip enables carmakers and their suppliers to introduce security to networked vehicle systems. This security-specific automotive development kit emulates a secure node in an automotive network and provides system designers with an intuitive starting point for implementing security. Designed to be flexible, the tool accommodates each OEM’s implementation by allowing manufacturers to configure the node to conform to various specifications and industry standards. The tool demonstrates secure key storage, ECU (electronic control unit) authentication, hardware-based crypto accelerators, and other cryptographic elements. When used with a host microcontroller, it enables designers to implement functions such as secure boot and CAN frame authentication, including conversion of Classical CAN frames to CAN FD frames with appended Message Authentication Codes (MAC) when appropriate.

With the companion approach, the TA/BSD emulation kit enables OEMs to continue using their existing microcontrollers and, more importantly, their existing MCU firmware certified to required safety standards, by later adding the companion chip the kit emulates. These companion chips will come to the customer preprogrammed and include built-in security measures to provide true hardware-based key protection. This add-on approach can deliver significant cost and time-to-market advantages compared to the alternative of redesigning the system with a high-end secure MCU. Such a redesign can entail significant re-architecture of the MCU firmware to implement secure zones with hardware and software domains.

The tool can be used with any ECU, architecture, configuration or bus, providing the flexibility to implement security in existing systems without large-scale redesigns. The companion chip solution requires minimal MCU code updates, resulting in minimal to no impact on existing host MCU functional safety ratings. This approach also removes the requirement for in-house security expertise. The tool provides an online GUI (graphical user interface) program with pre-configured options to simplify and facilitate implementation.

“With great advances in artificial intelligence, rapidly increasing levels of automation and autonomous vehicles on the horizon, securing automotive networks is a clear and urgent necessity the industry is now widely acknowledging,” said Nuri Dagdeviren from Microchip. “With its flexible add-on approach, Microchip’s automotive development kit gives OEMs and Tier 1 suppliers the tools needed to start implementing security measures into existing vehicle networks immediately.”

hz