Future-proof TCU-ECU security for automotive systems

By: Khaldoun Albarazi, Market Development Engineer, STMicroelectronics and Drake Smith, Vice President of Engineering, SecureRF

Developing and providing connected systems in automobiles is a high growth, exciting market–with a problem. Security is increasingly important yet many of the devices in these systems are vulnerable. One of the issues is that current security methods, such as ECC and RSA, are too bulky and slow for the 8-, 16- and 32-bit processors running most Electronic Control Units (ECUs) found in cars today. In addition, with the average life of an automobile exceeding 11.6 years, the future threat of quantum computing attacks, which break ECC and RSA, must also be considered.

SecureRF and STMicroelectonics teamed up to address these problems by providing a future-proof, low-power, security solution that runs extremely fast on even the smallest automotive processors. SecureRF’s WalnutDSA and Ironwood KAP, two security algorithms, were recently ported onto STMicroelectronic’s SPC58ECxx 32-bit platform. The two companies built a demonstration model to show mutual authentication between a Telematic Control Unit (TCU) and multiple ECUs. The demonstration project was on exhibit at TU-Automotive Detroit 2018.

Walnut Digital Signature Algorithm (DSA) and Ironwood Key Agreement Protocol (KAP) are based on SecureRF group theoretic cryptography (GTC). This branch of cryptography, while not new, is helping to solve the relatively new problem of securing the growing number of resource constrained devices in the IoT, automotive systems, and other connected applications. GTC has the triple advantage of being very fast on even the smallest devices, requiring minimal RAM/ROM, and being resistant to all known quantum attacks. Because of its computational efficiency, GTC has the added bonus of using much less energy than other methods. SecureRF can implement its GTC solutions in hardware or software.

Performance advantages for the MCU are impressive

For the TU Automotive show, WalnutDSA and Ironwood KAP were ported to the SPC58ECxx in assembly language to further reduce the run-time and energy consumption of their already efficient methods.

The SPC58ECxx device is a 32-bit MCU from STMicroelectronics that is part of the general-purpose family targeting body, networking, security, and connectivity applications. The device features dual e200z4d PowerPC cores running at 180MHz, up to 4MB of flash and 512KB of RAM, hardware security module, and many communication peripherals including LIN, SPI, UART, Ethernet AVB, Flexray, and CAN FD. The SPC58ECxx is designed according to the ISO 26262 and supports ASIL-B rating for safety critical applications.

The demo ran on ST’s SPC58ECxx Discovery board, and delivered a significant performance advantage by running GTC as compared to ECC-based authentication. The resulting decrease in run-time—the GTC-based solution (WalnutDSA + Ironwood KAP) was 12.6X faster—and better ROM/RAM utilization as compared to Elliptic Curve Cryptography (ECDSA + ECDH) is shown below:

The GTC-based solution will enable ST customers to provide important security functions like secure boot and secure firmware updates for onboard microcontrollers, and to enable SPC58ECxx-based TCUs to provide mutual authentication between themselves and low-resource ECUs throughout the vehicle. The demonstrated solution is illustrated below:


Even more impressive are the advantages for connected ECUs

Securing the very small processors on ECUs is a critical issue for designers and one of the most important benefits of this solution. The need to authenticate quickly can be vital. Other methods of security may not be practical for many automotive applications. However, GTC-based methods can fit on the smallest processors and still provide great performance. The screenshot below shows the relative performance of GTC and ECC on an 8-bit processor.

Authentications for WalnutDSA/Ironwood KAP (green) vs ECDSA/ECDH (red); with RAM and ROM utilization

In the diagram above, each vertical spike marks the completion of an authentication. SecureRF’s WalnutDSA and Ironwood KAP complete a full authentication in only 68 milliseconds versus 7.69 seconds for ECDSA/ECDH, a factor of 90 times faster! This speed advantage, with its resulting ultra-low energy consumption, and minimal RAM/ROM requirements, make SecureRF methods well-suited for resource-constrained processors.

SecureRF cryptography is ideal for the SPC58ECxx on-chip Hardware Security Module (HSM) that provides complete isolation between the security subsystem and the SPC58ECxx’s main processor cores. SecureRF solutions are also excellent for devices that do not feature an HSM unit such as the SPC582Bxx. The SPC582Bxx is a slimmed-down variant of the SPC58ECxx. It offers a single e200z4d PowerPC core running at 120MHz, up to 1MB of flash and 192KB of RAM. However, the lack of hardware security dictates the need for a software-based solution. The solution must be able to perform well while being lightweight in terms of resources required so that it doesn’t impose any overload on the system.

Future-proofing your automotive security

Due to their multi-year design life, automotive systems need future-proofing against the coming threat of quantum computing. SecureRF methods are post-quantum to all currently known attacks.

If you have an automotive design application that uses resource constrained processors, our experts will provide an initial security consultation and can assist with security solution design for your devices. Contact us to learn more.