Infineon: better data security for vehicle communication with AURIX and CycurHSM
The more connectivity and automated driving functions are built into cars, the more important embedded IT security becomes for vehicle communication. Infineon Technologies and ESCRYPT work closely together in the field of automobile cybersecurity. Both companies are now offering a solution that encrypts on-board communication and makes it more secure while considering future security requirements. It is based on the second generation of the AURIX (TC3xx) multicore microcontroller family from Infineon and on the specifically adapted CycurHSM security software from ESCRYPT.
The harmonized hardware-software solution makes it harder to manipulate electronic control units. In modern vehicles, there are around 60 of these ECUs communicating with each other. Thus, the solution improves IT security for applications such as software updates over the air (SOTA) and automated driving.
Compared to purely software-based approaches, the solution built from hardware and software – AURIX and CycurHSM – delivers a substantially higher performance. Today, every TC3xx microcontroller has an integrated hardware security module (HSM). Because the security functions are physically encapsulated in the HSM, the ECU’s host controller can concentrate fully on its own tasks.
ECU manufacturers also benefit in other ways: The hardware-software solution is easy to implement. It is AUTOSAR-compliant and dispenses with the need to develop further security functions – it is sufficient to configure the CycurHSM software. This turnkey solution is able to reduce development costs for IT security in vehicle communication by up to 90 percent. This allows the developers working for system suppliers to focus on their actual job of creating high-level software for new applications.
The microcontrollers of the AURIX family are key components for embedded security solutions in vehicles. They control communication processes, perform monitoring and security tasks, and support security protocols. The keys are generated and stored in the HSM, which permits secure booting, flashing, and debugging. With its symmetric and asymmetric encryption mechanisms (AES-128, ECC 256, SHA2), the HSM improves tamper protection, for example in vehicle software or internal and external data transmission. An HSM also helps to prevent loading of malware and unauthorized software updates.
As the world’s first software system provider for embedded security, ESCRYPT offers a software stack that has been specifically tailored to AURIX and HSM. CycurHSM enables hardware-based security functions such as data encryption and authentication, the use of true random number generators (TRNGs), and secured flash memory. Additionally, the solution features security functions such as runtime manipulation detection, which monitors the authenticity of the application software during the runtime.