Cyber security is huge and continues to dominate as a hot topic in the automotive sector. As the vulnerabilities in automotive systems become better understood, the days that purely adding software mechanisms to address cyber security issues are no longer adequate. Hardware is not only a key consideration in the vulnerabilities of systems, it can also play a key role in cyber security mitigations.
So what techniques can be used for reducing hardware cyber security risks?
- Defence Against Malicious/Destructive Attacks
Sensible EMC screening of circuitry should follow industry standard EMC guidelines [3]. This cannot eliminate every threat, but will reduce the probability of vulnerability.
As is the case in the world of functional safety and as defined in ISO 26262 [4], graceful degradation of functionality can be implemented, such that each item that fails in the network due to HEMP will not impact the remainder of the network and shall switch in a controlled manner into a safe or inactive state.
- Detection of Trojan Circuits
Two methods that are potential mitigations are side-channel analysis and trojan activation.
Side-channel analysis relies on variations in signals, usually analogue e.g. power dissipation, current, temperature or timing. Trojan activation techniques attempt to trigger a trojan circuit during silicon design authentication to make the malicious behaviour observable or to improve side-channel analysis techniques.
Using two different chips from different fabs that check and compare the same feature is also a technique for detecting trojans.
- Cyber security Design Solutions
Cryptographic Interfaces – Most microcontroller manufacturers use techniques to reduce the likelihood of the microcontroller being compromised through the standard interfaces. These generally take the form of hardware security circuitry and are based on cryptographic modules. One major concern in this type of circuit is the possibility of hardware trojans being built into the circuit, in such a case the security of the chip could be compromised.
Over & Undervoltage Protection – Detection and protection against over and under voltage can be relatively simply implemented in circuits. If a power supply moves outside the specified operational region the circuitry should cease to operate e.g. switch to a reset state. Protection circuitry should prevent destruction of the main circuitry e.g. microcontroller wherever possible. If a device is deliberately overstressed in the search for vulnerabilities, then the device should fail such that no key information can be extracted following the attack.
Buffer Overflows – Hardware-assisted approaches to buffer overflow protection improve upon accuracy and performance of software-only schemes for dynamic attack detection. One common solution is to maintain a shadow of the return address by creating a return address stack or monitoring the location of the return address for any unauthorized modifications.
Mechanical Measures – Using bespoke interfaces and connectors will not prevent a hacker gaining access to the interface, but they can hinder progress or deter the less motivated of hackers.
Deactivating interfaces through hardware means also hinders a hacker’s ability to gain access to the microcontroller or programmable logic
The complexity of cyber security in the automotive sector demands a rigid systems engineering approach, and hardware security must be considered early in product life cycles. A hardware-enhanced security approach is critical, as new and ever greater security threats evolve.
