The reality is that, while cars have a number of vulnerabilities, the security level needed for each might differ.
It's important to increase security against manipulation of the in-car network, but "you must carefully look into what you need to protect," says Besenbruch. Tightened security shouldn't affect performance. You don't want to delay braking because a system requires that the order to brake be authenticated, he explains.
The right solution should be compatible with existing architecture and systems, according to Besenbruch. "Current hardware platforms and software components should be modified as little as possible."
Against that backdrop, one of NXP's proposals is to secure "existing and future systems" by "integrating a secure memory area that can only be written to and read with authorized access."
By integrating a trustworthy element, described as "a trust anchor," into security-related ECUs, NXP believes that the security of data can be improved. Trust anchors, in the form of a security microcontroller, are not new. They are already used in credit cards and telephone SIM cards. NXP is one of the clear leaders in that field.
Secure element in ECU architecture
A security processor today incorporates such functions as a secure memory area, cryptographic co-processors, management of certificates and private keys, and generation of public keys.
By adding to an ECU a security processor (like one based on NXP's A700x product group -- already used in other industrial applications requiring security), combined with an existing car microcontroller, NXP believes it can offer security-related features that include:
Firewall applications for securing the gateway. For this purpose, communications can be authenticated before being passed on to the relevant sub-bus.
Secure storage applications, such as error logs or mileages, which can only be written to by means of authentication.
Secure boot. This ensures that the software of individual ECUs has not been compromised.
Certification of (electronic) replacement parts. Only authorized ECUs can be introduced into the vehicle network.
Registration with external services through protected connections. The secure element provides the access data for VPN and HTTPS connections.
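An added example, not from the article or from NXP: a Python model of the "secure storage" item above, in which a mileage record accepts a write only when the request carries a valid HMAC-SHA256 tag, a fresh counter and a non-decreasing value. The shared key, the counter, the message layout and the no-rollback rule are assumptions made for illustration; the article does not describe NXP's actual mechanism.

```python
import hashlib
import hmac
import struct

def _encode(counter: int, mileage_km: int) -> bytes:
    # Fixed-width big-endian fields keep the MAC input unambiguous.
    return struct.pack(">QI", counter, mileage_km)

def sign_request(key: bytes, counter: int, mileage_km: int) -> bytes:
    """Tag an authorized writer attaches to a write request."""
    return hmac.new(key, _encode(counter, mileage_km), hashlib.sha256).digest()

class SecureOdometer:
    """Model of a protected record that accepts only authenticated writes."""

    def __init__(self, key: bytes, mileage_km: int = 0):
        self._key = key              # stays inside the secure element
        self._mileage_km = mileage_km
        self._last_counter = 0       # highest request counter accepted

    def read(self) -> int:
        return self._mileage_km

    def write(self, counter: int, mileage_km: int, tag: bytes) -> str:
        try:
            expected = sign_request(self._key, counter, mileage_km)
        except struct.error:         # value does not fit the fixed layout
            return "rejected: malformed"
        if not hmac.compare_digest(expected, tag):   # constant-time compare
            return "rejected: bad tag"
        if counter <= self._last_counter:
            return "rejected: replayed counter"
        if mileage_km < self._mileage_km:            # assumed policy
            return "rejected: rollback"
        self._last_counter, self._mileage_km = counter, mileage_km
        return "accepted"

if __name__ == "__main__":
    key = b"constructed-demo-key"                    # constructed sample key
    odo = SecureOdometer(key, mileage_km=120000)
    good = sign_request(key, 1, 120450)
    print(odo.write(1, 120450, good))                # authentic update
    print(odo.write(1, 120450, good))                # same frame replayed
    print(odo.write(2, 90000, good))                 # altered value, stale tag
    print(odo.write(2, 90000, sign_request(key, 2, 90000)))  # signed rollback
    print(odo.read())
```

The tag check alone does not stop a captured request from being replayed or a key holder from lowering the value, which is why the counter and the monotonic rule sit behind it.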
Of course, in order to determine which ECUs need to be equipped with a trust anchor, one needs to first identify functions and applications that need to be protected against car hacking.
Potential attack and manipulation scenarios by hackers, described by Besenbruch during an interview with EE Times, ranged from modification of mileage, unauthorized geolocating, and installation of malicious code in MP3 files, to eavesdropping on telephone conversations via Bluetooth and tuning chips through the manipulation of electronic control unit software.
Depending on where such functions -- vulnerable to potential attack -- exist in the in-car network architecture, a secure element should be offered to locally protect those functions, "by saving, calling or authenticating data used by the ECU's main microcontroller, or securing a connection with additional ECUs," explained Besenbruch.
Also, "a secure boot algorithm that prevents manipulation of the software should be implemented in all cases."
Another weak link: the supply chain
There's another aspect to automotive security that the industry shouldn't forget, notes Besenbruch. The supply chain could be the weak link.
Management and the chain of custody of keys and secrets for the installed ECUs during module production are critical. Auto companies must specify which partners install the secure element, who installs the keys in the ECU, and how the allocation is managed at every phase in the distribution chain, according to Besenbruch.
Here, NXP maintains that the company's experience in proven procedures from bank and credit card supply chains can be leveraged for use in automotive production.
Editor's note: EE Times's Automotive Designline is examining how the automotive industry and chip suppliers are planning to address automotive security.
This is the second installment. The first article, How Hackers Can Take Control of Your Car, appeared on July 8.