Page 12

EETE SEP 2015

security Fraunhofer rolls security platform for cars By Christoph Hammerschmidt Electronic control units in cars, in particular head units, have recently been the target of cyber-attacks. Researchers from Fraunhofer Institute for Secure Information Technology have devised a platform enabling the development of secure head units based on open hardware and software standards. Electronic control units in today’s vehicles are connected to engine control, steering, even the behaviour of the brakes. In an average vehicle several dozens of these small computers are performing their tasks; some top car models have more than 100 such units. Information technology nowadays is one of the strongest drivers of innovation in the car, says Christoph Krauß, researcher at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT) in Darmstadt, Germany. The institute is focusing on the safety and security of embedded IT systems in vehicles. “Nowadays, the car which used to be a closed system, is the target of attacks through the multiple IT interfaces that are increasingly implemented”, Krauß says. The list of current examples of attacks is quite long. Hackers spied out private user data, used car dealers manipulate the odometer readings, car thieves outwit the immobiliser and open car doors and even rogue car owners activate functions they have not paid for. Very recently, a hacker duo took control of vital vehicle functions like brakes and steering; another one hacked into GM’s OnStar communications system. Along with the progress of hackers’ ability to bring cars under their control grows the necessity to increase the security level for the in-car IT. Of course, cryptographic solutions are available, says Krauß. However, very often they are not flexible enough. Along with his team, Krauß has built a solution that makes use of hardware security modules (HSMs) to ensure security at device level. In doing so, they utilised the Trusted Platform Module, a widely recognised open standard, in its latest version TPM 2.0. It has been developed by the Trusted Computing Group, an organisation bundling the standardising efforts of almost all important IT players. Our solution is a software platform that helps developers to create secure control units based on TPM 2.0, explains project manager Andreas Fuchs. With this platform all the necessary building blocks of automotive control units, hardware as well as software, can be simulated and subsequently implemented. Thus, car manufacturers and tier ones obtain important information already during the development that helps them try out different application scenarios. To look into real HSMs once they are developed is not possible for security reasons, Fuchs said. The TPM-based solutions devised with the Fraunhofer platform can be integrated directly into the ECUs or connected upstream of them, depending on what needs to be protected. The hardware of the solution takes the function of a trust anchor in that it is a secure storage for the cryptographic keys and at the same time an application environment for all security relevant operations. It detects attacks and releases the keys only if the device is in a trusted state. If, for example, the parking assistant has been manipulated, the engine control unit inhibits starting the motor to prevent undesired access to steering through this parking assistant, explains Krauss. The software in this system is required to communicate with the hardware and embed the security functions provided along with the platform into the main tasks of the ECU. Based on this framework, the researchers developed an HSM demonstrator for a head unit, the building block in automotive electronics that runs the infotainment system. It protects the car-related data as well as the owner’s private data against unauthorized reading. Today, TPM modules are installed in almost any desktop or laptop computer, says Fuchs. For instance, they secure the BitLocker disk encryption from Microsoft that is integrated into Windows. Our development environment is a contribution to establish the TPM standard in cars. This makes it easier for car manufacturers to implement these standards as well as applications based on them. The platform is not only relevant for car designers but likewise for other application areas such as industrial controls or the Internet of Things. The Fraunhofer institute is about to license the technology to two industry sectors, while automotive deployment is already close to series production. 10 Electronic Engineering Times Europe September 2015 www.electronics-eetimes.com


EETE SEP 2015
To see the actual publication please follow the link above