Reliable authentication as an integral part of automotive security technology
Authentication (i.e., proof of identity) is an integral part of automotive security systems. The best-known application is the electronic immobilizer as a central component of theft protection. Here, authentication takes place between the ignition key and one or more electronic control units in the vehicle. However, authentication is also used within the vehicle, for example, as component protection between electronic control units to identify the replacement of components not intended by the manufacturer.
Hardware-based security as a requirement for effective electronic immobilization and component protection
Auto theft in Germany declined significantly after widespread introduction of the electronic immobilizer in the late 1990s. But over the last 5 years or so this trend has stagnated or reversed. Apart from unsuitable, partly proprietary or outdated encryption methods, and key lengths that are too short, the main cause can be attributed to the lack of secure key storage. Deeper integration of the security system in the vehicle electronics is one solution.
With the hardware security module (HSM), Infineon provides state-of-the-art protective structures
Infineon provides an integrated Hardware Security Module (HSM) as part of its TriCore™-based AURIX™ 32-bit microcontroller. In addition to a 32-bit CPU and various monitoring modules, the module includes:
- Special access-protected memory for storing the cryptographic key and the unique subscriber identifiers
- A hardware accelerator for state-of-the-art AES-128 encryption that can be operated in different modes
- Specific hardware for random number generation
A firewall separates the HSM from the other processing units in AURIX™. The ability to program the module makes it possible to implement a number of different authentication methods. In addition, the integrated high-performance 32-bit CPU makes it possible to implement asymmetric methods in software if necessary.
In a simple (unilateral) authentication protocol, the transmitter (challenger) generates a random number that is unpredictable to an attacker and transmits it to the receiver (responder). The responder encrypts the random number using a secret cryptographic key known to both sides and returns the encrypted value to the challenger. The challenger, who also has the secret cryptographic key, can now decrypt the response, compare the result with the random number it originally generated, and thereby authenticate the responder.

An attacker could try to fake the identity of the responder by listening to and resending the encrypted response, and subsequently manipulate the challenger through false messages. A recorded response is only valid for the random number it answers, so resending it can only succeed if the challenger issues the same or a predictable random number again. This is why the quality (entropy) of the generated random numbers is of particular importance: they must not be predictable. The random number generator implemented by Infineon distinguishes itself by very high entropy over the entire life cycle.
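The unilateral exchange described above, as an added example that is not Infineon's code or an HSM API: it shows that a recorded response is rejected when the challenge is fresh and accepted when the challenger's random number generator is predictable. HMAC-SHA256 truncated to 128 bits stands in for the AES-128 encryption (the Python standard library has no AES), so the challenger recomputes the expected response rather than decrypting it; all names are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # 128 bits, matching the AES-128 key and block size named in the text

def respond(key: bytes, challenge: bytes) -> bytes:
    """Responder side: keyed transform of the challenge (HMAC stand-in for AES-128)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:BLOCK]

def predictable_rng(n: int) -> bytes:
    """Constructed weak generator: always returns the same 'random' number."""
    return b"\x00" * n

class Challenger:
    """Challenger side: issues one challenge at a time and checks the answer."""

    def __init__(self, key: bytes, rng=secrets.token_bytes):
        self.key = key
        self.rng = rng
        self.pending = None

    def new_challenge(self) -> bytes:
        self.pending = self.rng(BLOCK)
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False  # no outstanding challenge, nothing to authenticate
        expected = respond(self.key, self.pending)
        self.pending = None  # each challenge may be answered only once
        return hmac.compare_digest(expected, response)  # constant-time compare

def replay_accepted(rng=secrets.token_bytes) -> bool:
    """Record one genuine exchange, then resend that response to a new challenge."""
    key = secrets.token_bytes(BLOCK)         # shared secret (key storage not modelled)
    challenger = Challenger(key, rng)
    challenge = challenger.new_challenge()
    recorded = respond(key, challenge)       # what an eavesdropper would capture
    if not challenger.verify(recorded):
        raise RuntimeError("genuine responder was rejected")
    challenger.new_challenge()               # next authentication attempt
    return challenger.verify(recorded)       # old response resent unchanged

if __name__ == "__main__":
    print("replay accepted, strong RNG:     ", replay_accepted())
    print("replay accepted, predictable RNG:", replay_accepted(predictable_rng))
```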