Software update Over The Air (SOTA) secured by Infineon's security controllers
Updating software over the air (via an internet connection) requires a comprehensive security architecture
The high cost to vehicle manufacturers of fixing software issues through recalls is driving their interest in using mobile communication channels to execute software updates over the air (SOTA).
The benefits of remote updates are compelling, but the security aspects, and with them the potential consequences for the car's safety, need to be considered.
An insufficiently secured external connection that is used to run software updates could open the door for attackers to the car's entire on-board network, and thus to its safety systems. In the end, a driver's life could depend on the vehicle's security protection mechanisms.
Infineon's security controllers offer protection for the different use cases in a SOTA system. The graphic below shows a simplified proposal for a SOTA system architecture in which dedicated security controllers take over specific security functions.
SOTA brings many advantages
The telematics control unit connects the car to the outside world and thereby enables numerous new applications and functions. Software in different ECUs can be updated remotely, either to add new features or to fix software bugs found during operation. This reduces the number of recalls and the related costs and increases customer satisfaction. The possibility of adding new features opens the door to new business models and revenue streams.
System & application features
- Realizing the benefits of SOTA without risking the safety of the car, through a holistic security architecture
- Avoiding the reputational damage caused by hacks that insufficient security would enable
- Optimized, certified security solutions at reasonable cost
- Reliable, AEC-Q100-qualified security solutions
Infineon's scalable security solutions (a discrete security controller or an HSM integrated in the microcontroller) offer security tailored to the specific use cases and functions in the different ECUs affected by a software update.
- The SLI 76 / SLI 97 families serve as embedded SIM cards, connecting the car to the internet.
- The security-certified OPTIGA™ TPM offers, besides cryptographic operations, a tamper-resistant key store for highly sensitive credentials, and thereby secures not only the sensitive external interfaces of the car but also the vehicle supply chain.
- The HSM of the AURIX™ microcontroller family supplies on-site security measures in each ECU involved (telematics unit, gateway, target ECU).
Applications enabled by the telematics connection:
- Remote diagnostics
- Payment systems
- Software update
- Feature upgrades
- Internet services
Infineon’s Trusted Platform Module (OPTIGA™ TPM) protects cars
Infineon has developed the OPTIGA™ TPM (Trusted Platform Module), compliant with the TCG TPM 2.0 standard, to secure external communication. It is preferable to integrate the TPM into the communication control unit, which is often connected to the infotainment system; there the TPM takes over important security functions such as authenticating incoming messages, so that unauthorized access from outside is refused before it reaches the vehicle network.
By establishing a secured connection to the manufacturer's servers and verifying system integrity, the TPM enhances trust between the communicating entities and can be used, for example, to secure software updates on the road. Because key secrecy is essential to these operations, the TPM protects the sensitive keys and credentials in its tamper-resistant, security-certified key store. The TPM has the added advantage of being based on security standards that have been refined over many years to resist the known attacks, so it offers strong security at optimized cost.
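What "authenticating incoming messages" means for an update, as an added example that is not Infineon's code and does not describe the OPTIGA™ TPM firmware: the OEM backend signs a manifest that binds the target ECU, a version number and the image digest; the receiving ECU verifies the signature before trusting anything in the manifest, then refuses updates addressed to another ECU, updates that are not newer than the installed version (anti-rollback), and images whose digest does not match. Ed25519, the manifest fields, the function names and the constructed image bytes are assumptions for this illustration; in the architecture above, the verification key and the signature check would live behind the TPM or HSM rather than in plain application code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one update image. The OEM backend signs it; the ECU
// verifies it before flashing. Field names are assumptions for this example.
type Manifest struct {
	ECU     string `json:"ecu"`
	Version uint32 `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the image
}

// SignedUpdate is what the telematics unit hands to the target ECU.
type SignedUpdate struct {
	Manifest  []byte // JSON-encoded Manifest exactly as signed
	Signature []byte // Ed25519 signature over Manifest
	Image     []byte
}

var (
	ErrBadSignature  = errors.New("manifest signature invalid")
	ErrWrongECU      = errors.New("manifest addressed to a different ECU")
	ErrRollback      = errors.New("update version not newer than installed")
	ErrImageMismatch = errors.New("image digest does not match manifest")
)

// SignUpdate is the backend side: hash the image, then sign the manifest.
func SignUpdate(priv ed25519.PrivateKey, ecu string, version uint32, image []byte) (SignedUpdate, error) {
	sum := sha256.Sum256(image)
	mb, err := json.Marshal(Manifest{ECU: ecu, Version: version, SHA256: fmt.Sprintf("%x", sum)})
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Manifest: mb, Signature: ed25519.Sign(priv, mb), Image: image}, nil
}

// VerifyUpdate is the ECU side. Order matters: the signature is checked
// first so that no field of an unauthenticated manifest is ever trusted,
// then the target ECU, then the version (anti-rollback), then the image.
func VerifyUpdate(pub ed25519.PublicKey, ecu string, installed uint32, u SignedUpdate) (*Manifest, error) {
	if !ed25519.Verify(pub, u.Manifest, u.Signature) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.Manifest, &m); err != nil {
		return nil, err
	}
	if m.ECU != ecu {
		return nil, ErrWrongECU
	}
	if m.Version <= installed {
		return nil, ErrRollback
	}
	sum := sha256.Sum256(u.Image)
	if fmt.Sprintf("%x", sum) != m.SHA256 {
		return nil, ErrImageMismatch
	}
	return &m, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	image := []byte("constructed firmware image v2")  // constructed sample
	u, _ := SignUpdate(priv, "gateway", 2, image)

	if m, err := VerifyUpdate(pub, "gateway", 1, u); err == nil {
		fmt.Println("accepted version", m.Version)
	}
	tampered := u // validly signed manifest, but the image was swapped
	tampered.Image = []byte("constructed firmware image v2 + backdoor")
	_, err := VerifyUpdate(pub, "gateway", 1, tampered)
	fmt.Println("tampered image:", err)
	old, _ := SignUpdate(priv, "gateway", 1, image) // genuine but outdated
	_, err = VerifyUpdate(pub, "gateway", 1, old)
	fmt.Println("replayed old update:", err)
}
```

The rollback case is the one most often forgotten: a correctly signed but outdated image is still a valid way to reintroduce a fixed vulnerability, so the installed version must be compared before flashing, and that counter itself needs protected storage such as the TPM's.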
Security also results from security processes throughout the entire value chain
Product security in general also depends on the quality of the security processes implemented in the development and manufacturing stages. The development process for the Infineon OPTIGA™ TPM is Common Criteria (ISO/IEC 15408) certified. Additionally, Infineon's TPMs are manufactured and personalized using audited and certified secure manufacturing processes. This strict third-party control of security processes is essential to the security quality of Infineon's TPMs.
Personalization means that every TPM leaves the factory containing a certificate and the corresponding private key, held in its protected key store. This key pair can then be used to encrypt sensitive data, such as keys, when it is transferred into electronic control units during manufacturing at automotive OEMs and their tier suppliers. This relieves those manufacturing steps of the security measures otherwise needed to protect keys handled in clear text, saving cost and increasing manufacturing security.
To summarize: the OPTIGA™ TPM not only provides security while the car is on the road, but also improves security and reduces costs in manufacturing at OEMs and tier suppliers.
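The encrypted key transfer described above, as an added example built on Go's standard library; it is not Infineon's provisioning protocol or the TPM command set. A vendor CA issues one certificate per device at personalization; the OEM or tier manufacturing line holds only the vendor root and the device certificate, checks that the certificate chains to the root, and encrypts the ECU secret to the certified public key with RSA-OAEP, so the secret is never in clear text on the line and only the TPM holding the private key can recover it. The CA name, serial numbers, OAEP label, function names and the constructed secret are assumptions; in a real TPM the private key is generated inside the chip and is non-exportable, whereas here one process holds every key only so that the example runs stand-alone.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// OAEP label binding the ciphertext to this purpose; a blob wrapped under a
// different label will not decrypt. The label value is an assumption.
const wrapLabel = "ecu-key-injection"

// newRoot creates the vendor CA for this demonstration (not a real Infineon CA).
func newRoot() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example TPM vendor CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(30 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// personalize models the vendor step: a per-device key pair plus a
// CA-signed certificate over its public key.
func personalize(ca *x509.Certificate, caKey *rsa.PrivateKey, serial int64) (*x509.Certificate, *rsa.PrivateKey, error) {
	devKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: fmt.Sprintf("example TPM %d", serial)},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(20 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &devKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, devKey, err
}

// WrapForDevice is the manufacturing-line step: verify that the device
// certificate chains to the vendor root, then encrypt the ECU secret to the
// certified public key. A certificate from any other CA is rejected, so a
// counterfeit device on the line never receives the secret.
func WrapForDevice(root, devCert *x509.Certificate, secret []byte) ([]byte, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := devCert.Verify(opts); err != nil {
		return nil, fmt.Errorf("device certificate rejected: %w", err)
	}
	pub, ok := devCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("device certificate does not carry an RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, []byte(wrapLabel))
}

// UnwrapInDevice is the TPM side: only the private key matching the
// certified public key recovers the secret.
func UnwrapInDevice(devKey *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, devKey, wrapped, []byte(wrapLabel))
}

func main() {
	root, rootKey, _ := newRoot()
	devCert, devKey, _ := personalize(root, rootKey, 1001)
	_, otherKey, _ := personalize(root, rootKey, 1002)
	secret := []byte("constructed ECU key material") // constructed sample

	wrapped, err := WrapForDevice(root, devCert, secret)
	if err != nil {
		panic(err)
	}
	got, err := UnwrapInDevice(devKey, wrapped)
	fmt.Printf("intended TPM: %q err=%v\n", got, err)
	_, err = UnwrapInDevice(otherKey, wrapped)
	fmt.Println("other TPM:", err) // fails: wrong private key
}
```

The point of the certificate check is that the line trusts the vendor root, not the individual device: a chip without a valid vendor-issued certificate cannot obtain the secret, which is what ties the TPM to securing the supply chain as well as the external interfaces.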