AURIX™ TC4x Innovative Cybersecurity Architecture
Future cars, with their increasing communication capabilities, will need protection from the ever-changing cybersecurity landscape. In order to adapt to these new challenges, we have developed a new concept to address upcoming car-related cybersecurity threats.
AURIX™ TC4x, our upcoming microcontroller family, comes with a new and innovative cybersecurity cluster, CSx
Principles of Cybersecurity
How to secure the future car?
Supporting new features and algorithms as well as providing latest hardware acceleration, our new cluster is able to provide increased performance vs. previous generations by resolving bottlenecks.
The cybersecurity cluster has 2 main modules:
- The cybersecurity real time module (CSRM)
- The cybersecurity satellite (CSS)
AURIX™ TC4xx Cyber Security Cluster (CSx)
More feature set with accelerated performance
The CSRM is the root of trust in AURIX™ TC4x for a secure hardware environment. It provides between 5 and 15 times better performance when compared to previous generations.
Furthermore, it supports individual security software updates independent from the application core and enables the implementation of multiple security use cases for wide-ranging applications.
CSS is the novel addition to the cluster. It enables the parallelization of hardware accelerators as a service provider to the application area, allowing for multiple channels to be used by independent applications with different trust levels.
Multiple hardware accelerators increase throughput, avoid performance bottlenecks and provide freedom of interference for safety-related applications.
One of the key features of the CSx is that it supports a variety of use cases with a specific focus on communication requirements, which are increasing in the evolving vehicle E/E architecture.
Nevertheless, CSx also provides special attention to in-vehicle network as well as to vehicle-to-infrastructure (V2X)use cases:
- Intrusion Detection System
- Intrusion Detection Prevention System
- Firewall: feasible with hardware filters in MAC and software
- Authenticated Encryption with Associated Data
- Authentication with Associated Data
- Combined modes
All this allows:
- Minimizing latency and maximizing throughput, as an increasing number of security use cases are expected in the future
- Compliance to new security standards, namely ISO 21434 and UNECE WP.29
- Enabling software-over-the-air use cases, which require secure and safe distribution of software updates from the cloud or within the vehicle network
- Serving Authenticated Encryption with Associated Data and Authentication with Associated Data solutions, which are expected to gain importance in the future