Reliable authentication as an integral part of automotive security technology
Authentication (i.e., proof of identity) is an integral part of automotive security systems. The best-known application is the electronic immobilizer as a central component of theft protection. Here, authentication takes place between the ignition key and one or more electronic control units in the vehicle. However, authentication is also used within the vehicle, for example, as component protection between electronic control units to identify the replacement of components not intended by the manufacturer.
Hardware-based security as a requirement for effective electronic immobilization and component protection
Auto theft in Germany declined significantly after widespread introduction of the electronic immobilizer in the late 1990s. But over the last 5 years or so this trend has stagnated or reversed. Apart from unsuitable, partly proprietary or outdated encryption methods, and key lengths that are too short, the main cause can be attributed to the lack of secure key storage. Deeper integration of the security system in the vehicle electronics is one solution.
With the hardware security module (HSM), Infineon provides state-of-the-art protective structures
Infineon provides an integrated Hardware Security Module (HSM) as part of its TriCore™-based AURIX™ 32-bit microcontroller. In addition to a 32-bit CPU and various monitoring modules, the module includes:
- Special access-protected memory for storing the cryptographic key and the unique subscriber identifiers
- A hardware accelerator for state-of-the-art AES-128 encryption that can be operated in different modes
- Specific hardware for random number generation
A firewall separates the HSM from the other processing units in AURIX™. The ability to program the module makes it possible to implement a number of different authentication methods. In addition, the integrated high-performance 32-bit CPU makes it possible to implement asymmetric methods in software if necessary.
In a simple (unilateral) authentication protocol, the transmitter (challenger) generates a random number that an attacker cannot predict and transmits it to the receiver (responder). The responder encrypts the random number using a secret cryptographic key known to both sides and returns the encrypted value as its response. The challenger, who also holds the secret cryptographic key, can then decrypt the response, compare the result with the random number it originally generated, and thereby authenticate the responder. An attacker could try to fake the identity of the responder by listening to and resending an encrypted response, and subsequently manipulate the challenger through false messages. This is why the quality (entropy) of the generated random numbers is of particular importance: they must not be predictable. The random number generator implemented by Infineon distinguishes itself by very high entropy over the entire life cycle.
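The exchange described above, as an added example that is not Infineon code: it contrasts a high-entropy challenge source with a constructed low-entropy one to show why a recorded response only stays useless when challenges do not repeat. Assumptions: HMAC-SHA256 stands in for the AES-128 encryption the page describes (so the challenger recomputes and compares instead of decrypting), and all names (`Challenger`, `respond`, `make_weak_rng`, `replay_accepted`) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed 128-bit shared secret; on a real ECU it would sit in HSM-protected memory.
KEY = secrets.token_bytes(16)

def respond(key: bytes, challenge: bytes) -> bytes:
    """Responder (e.g. ignition key): keyed transform of the challenge (HMAC stand-in)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Challenger:
    """Control unit that issues a challenge and accepts exactly one response to it."""
    def __init__(self, key, rng):
        self.key, self.rng, self.pending = key, rng, None

    def issue(self) -> bytes:
        self.pending = self.rng()
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = respond(self.key, self.pending)
        self.pending = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)

def strong_rng() -> bytes:
    return secrets.token_bytes(16)  # 128 bits from the OS CSPRNG

def make_weak_rng(period=4):
    """Constructed low-entropy source: cycles through only `period` challenge values."""
    state = {"n": 0}
    def rng() -> bytes:
        state["n"] = (state["n"] + 1) % period
        return state["n"].to_bytes(16, "big")
    return rng

def replay_accepted(rng, sessions=20) -> bool:
    """Log genuine exchanges, then answer a fresh challenge from that log alone (no key)."""
    ecu = Challenger(KEY, rng)
    recorded = {}
    for _ in range(sessions):
        challenge = ecu.issue()
        response = respond(KEY, challenge)   # legitimate responder
        assert ecu.verify(response)
        recorded[challenge] = response       # what a passive listener would capture
    challenge = ecu.issue()
    return ecu.verify(recorded.get(challenge, b""))
```

With the cycling source every challenge has already been seen, so the recorded response verifies; with 128-bit random challenges the lookup misses and verification fails.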