Infineon, Microchip and NXP Semiconductors are among those building hardware security into chips as car manufacturers move to remotely upgrade the hundreds of millions of lines of code inside vehicles, similar to how phones are updated. They are also adding security to microcontrollers and other chips used to send messages around the car using Ethernet, CAN and other technologies.
Remotely updating the software that controls everything from the windshield wipers to the infotainment system and door locks to the autonomous driving functions could cut down on recalls related to malfunctioning code. But giving cars the ability to communicate with each other and the cloud—and giving electronic control units (ECUs) the ability to share the same information—also raises the possibility of car-hacking.
The threat of hackers infiltrating a vehicle through a single electronic control unit, such as the infotainment system, then pilfering personal information or taking control of the vehicle’s brakes, engine, door locks or autonomous driving functions could get increasingly serious over time. Many in the semiconductor industry say that safety standards—specifically ISO26262—will have to take security into account in the future.
Infineon, the second largest maker of automotive chips, said last month that its latest trusted platform module (TPM) would be targeted at automotive ECUs. These microcontrollers are generally used for storing security keys in data centers and personal computers to prove that they are who they say they are to other systems and have not been compromised. But the company’s Optiga TPM is specifically for cars.
“As a computer on wheels, the connected car benefits from the experience of the information technology industry,” said Martin Brunner, automotive security principal for Infineon, which held 10.8 percent of the car semiconductor market last year, according to Strategy Analytics. “In the complex interplay between software, network and cloud, security hardware creates the solid foundation for secured communication.”
The new Optiga microcontroller generates and stores passcodes that can be used for the authentication and encryption of the car’s communications. Installing the security device in the vehicle allows manufacturers to detect faulty components or manipulated software running inside them, the company said. Infineon’s new product can also be updated over time to reinforce the car against emerging security threats.
ST Microelectronics, the fourth largest car semiconductor supplier, is also targeting tougher security for gateways and electronic control units used in battery management, advanced driver assistance, and other functions. To protect these embedded devices from meddling, the company’s latest Chorus microcontroller uses its hardware security module (HSM) to encrypt communications and prevent the spread of malicious code.
The three-core chip can also run applications while downloading an update. The code can then be installed while the car is parked or in the middle of the night. The software being swapped out can also be saved inside the chip’s flash memory, which allows car manufacturers to reinstall it in emergencies. The updated code might, for example, have errors that cause the engine, brakes or other systems to malfunction.
Chorus can be embedded in a number of different systems within the vehicle, each one using independent Ethernet ports to connect with each other. The chip also contains 16 CAN and 24 LIN interfaces—major networking standards used in cars—giving it the ability to function as a gateway for various electronic control units in the car. ST Microelectronics said that the chip’s frequency comes out to 200 MHz.
“The way carmakers create, configure, deploy and maintain new vehicles is changing as software-defined functionality makes advanced features, flexibility and convenience ever more widely accessible,” Luca Rodeschini, automotive and discrete product group and microcontroller business director for ST Microelectronics, said. The company closed last year with around 7.1 percent of the automotive chip market, according to Strategy Analytics.
NXP Semiconductors has also been trying to take advantage of efforts—market researcher IHS Markit estimates that the automotive cybersecurity market will grow to $2 billion by 2024—to protect cars against digital dangers. The company started adding hardware security to its automotive microcontrollers in 2015. Today, every processor it develops for the sector includes a dedicated hardware security module.
That includes NXP’s latest safety microcontroller, the S32S, which can be used to manage the systems that accelerate, steer and brake cars. The chip acts on commands not only from drivers turning the steering wheel or pressing the brake pedal but also from the car’s central computer. The hardware security engine (HSE) inside is charged with handling secure boot and checking that software is authentic, trusted and unaltered.
NXP Semiconductors is also focused on suppressing threats to the car’s communications network. In the last year, the Eindhoven, Netherlands-based company started selling transceiver chips with hardware security to protect the CAN bus. These networks are used in every car today to connect electronic control units and are expected to remain the dominant network of the next decade despite the increasing use of high bandwidth Ethernet.
Traditionally, CAN networks have allowed a single compromised electronic control unit to have direct access to others connected to it. Today, they are protected against malicious code through the use of message authentication codes. But generating and sending these messages around the car costs more in terms of bandwidth and power consumption. Car manufacturers also have to tolerate longer message latencies.
NXP’s transceivers protect CAN networks from being manipulated by filtering out messages that compromised ECUs are not programmed to send. The chips offer tamper protection and prevent systems from flooding each other with messages, overloading and causing them to malfunction. All these capabilities are handled in hardware, reducing the bandwidth overhead and processor load.
Customers can boost security without having to replace existing electronic control units, the company said. “This translates to more efficiency and a reduction in the vital system resources needed for increasingly complex cars,” explained Jens Hinrichsen, senior vice president of NXP’s advanced automotive analog business line, in a January statement.
Microchip Technology is also trying to reinforce the security of the car’s electronic architecture. The Chandler, Arizona-based company released a development tool that emulates a secure node on a vehicle’s network. The CryptoAutomotive tool allows manufacturers to program the chip to enable the secure storage of passcodes and authentication of the car’s electronic control units.
The company said that the node can handle functions such as secure boot and CAN message authentication. Plugging these chips into the car allows customers to avoid a complete redesign with secure microcontrollers that handle many of the same security functions. Customers can also avoid reprogramming an electronic control unit's firmware to set up secure zones within hardware and software.
“With great advances in artificial intelligence, rapidly increasing levels of automation and autonomous vehicles on the horizon, securing automotive networks is a clear and urgent necessity the industry is now widely acknowledging,” Nuri Dagdeviren, vice president of Microchip’s secure products group, said in a statement. He added that the tool lets customers “start implementing security measures into existing vehicle networks immediately.”