Handset vendors and operators use M-Shield security functions for DRMs for streaming video, for example, said Tolbert. The automotive industry can now use it for such security features as a CAN bus interface, protected keys, a secure execution environment, on-chip accelerators, firewalls, secure boot, and others.
An M-Shield-enabled OMAP automotive processor -- called Jacinto 6 -- offers carmakers hardware-based security with a flexibility of software that can meet the growing needs of automotive security over the next 10 to 20 years, explained TI’s Reis. “Your vehicle can last more than 10 years. You need a solution that won’t give up the security, and that can keep up with hackers who will inevitably have more means and capabilities over time.”
The Jacinto 6 uses the OMAP architecture at its foundation, including dual Cortex-A15 cores, dual Cortex-M4 cores, and multi-Imagination Technologies’ Power VR graphics cores. “We leverage ARM’s TrustZone to offer protective mode of execution for authentication code; we use the power of Cortex, and we integrate crypto accelerators. We also put an additional microcontroller on a device so that fully authenticated code can run in secure function mode.”
Going beyond SHE and EVITA
TI claims that Jacinto 6 also meets with emerging automotive security specs and guidelines, such as SHE and EVITA.
SHE, which stands for Secure Hardware Extension, is a spec developed by the automotive industry as an on-chip extension within an MCU. Designed to offer a “secure anchor,” SHE provides a set of cryptographic services to the application layer, thus isolating secret keys from the rest of the MCU resources.
Meanwhile EVITA (E-safety Vehicle Intrusion protected Application) isn’t a spec, but a guideline developed under the EU project. Its mission is to develop “an efficient general-purpose ECU security hardware extension that aims at designing, verifying, and prototyping an architecture for on-board networks where security-relevant components are protected against tampering and sensitive data are protected against compromise,” according to EVITA.
TI believes the advantage of M-Shield security is that its application is not limited to protecting a single bus. Reis noted that the hardware definition in SHE, for example, is focused on methods to protect CAN bus. “But M-Shield is flexible enough to deal with an unlimited number of keys on any bus.”
Asked how exactly this security solution stacks up against those developed by TI’s competitors, Chuck Brokish, TI’s distinguished member, technical staff, demurred. He said, “The foundation for automotive security is still in its early days. The industry is just getting into it.” With limited exposure to real-world implementations of such security solutions, it’s hard to make comparisons at this point, he explained.
Turning your radio up to max
Speaking of the recent car-hacking demo done by Miller and Valasek, TI’s Brokish noted that the introduction of a laptop into the OBD (on-board diagnostic) port shouldn’t be reason to dismiss what the researchers proved. He recalled the old days, when people did sneak into a data center to hack computers. These arduous but damaging attacks exposed weaknesses in the system. The same interpretation applies weaknesses in automotive system architecture.
Brokish also noted that one shouldn’t take lightly a hacker who just got into buses other than the central bus. This can be more than a mischievous, minor annoyance, he said. It could trigger a life-threatening experience.
Think about downloading an app -- malware -- into your car infotainment system. It turns the volume [of the radio] all the way up, or starts honking the horn uncontrollably, said Brokish. “Picture this happening on a highway.” Beyond being freakish, it could cause “a major distraction and chaos,” he noted.
While there are no design-wins to announce yet, TI’s Tolbert cited discussions with car-makers while educating them about Jacinto 6. “We are getting a lot of interest from our customers.”