MADISON, Wis. — Talking about the vulnerabilities of the electronics in automobiles is a risky business.
On one hand, as long as the auto industry hasn't yet experienced any real-life disasters as a result of car hacking, why even bring it up? Such talk starts to sound like "fear-mongering."
On the other hand, automotive security is a relatively new issue even for many people working in the industry -- chip suppliers, module developers, and, of course, the car makers. While reliability has been always high on vendors' minds, car security has hung below the radar for long time. For decades, cars weren't as much interconnected with the external world as they are now.
But over the last few years the mindset of the automotive industry has changed.
For Dirk Besenbruch, engineer, group leader of Systems & Applications, Automotive, at NXP Semiconductors, a turning point (triggering his work on NXP's automotive security solutions) came when he read a 2011 paper, written by researchers at the University of Washington and the University of California at San Diego, commonly know, among experts, as the "Savage" paper. Stefan Savage of UC San Diego was an author of the paper, which detailed experimental analyses of automotive attack surfaces.
To be clear, the automotive industry didn't entirely dismiss the issue of risks interconnected cars might face. Nor did they stand still.
Several automotive companies, including BMW and Audi, have gotten together to develop a spec called SHE (Secure Hardware Extension). SHE offers protocols for secure communication among different modules inside the car, explained Richard Soja, a distinguished member of Freescale Semiconductor's technical staff. Soja is responsible for the company's 32-bit automotive SoC architecture.
More than a few players also worked on the development of EVITA (E-Safety Vehicle Intrusion Protected Applications, somehow), an EU-sponsored project, to create "a set of guidelines to allow manufacturers to satisfy security features," Soja told us. The EVITA project was completed at the end of 2011.
It might be a while, though, before an appreciable number of cars with newly minted security features hit the road, especially considering the lengthy (about five years) development cycle of a car.
Still, automotive security is a boon for semiconductor companies. It affords an opportunity to demonstrate security expertise, pitch the idea to add secure elements to cars, or even convince carmakers to replace current MCUs with completely new secure SoCs.
NXP early on realized that automotive security could benefit from the company's experience and expertise in developing a "secure element" -- successfully deployed in millions of smartcards. NXP's Besenbruch says his company's approach to automotive security is to leverage that "field-proven" smartcard knowledge, and offer "separated secure elements."
NXP's approach creates a clear contrast to the strategy some competitors -- to wit, Infineon -- are pursuing. Infineon is redesigning the entire MCU to create embedded secure modules. While an embedded secure module might be a good solution for high-end cars, "changing micro [in its entirety] means getting locked into a certain type of MCU," argues Besenbruch.
NXP, in contrast, hopes to sell the flexibility of its separated secure element approach. Considering lifecycles and reliability demanded in the automotive industry, NXP believes its flexible approach can give auto companies more options to get started with protections against certain attacks sooner.