Hardware-based security is a term that is underestimated in everyday life: for a long time now, it has not only been computers, e-mails, apps from the store or social media accounts that are the targets of hackers. Corporate networks and high-level government servers also fall victim. Electronic control units (ECUs) in networked vehicles are becoming a potential target for hackers. For example, attackers use bots to find vulnerabilities and compromise software and hardware. Times change, and with them the methods. Anyone who does not cryptographically protect their control units today is moving close to the border of recklessness. By exploiting security gaps, control units could unintentionally instruct the wrong speeds or perform counterproductive driving maneuvers. The potential for damage is considerable. In particularly dangerous attacks, malicious code is inserted into the so-called boot loader, which then ensures that manipulated device software is loaded when the ECU is started.
Cloud IT Professional
Ca. 3 min
Hardware Based Security as a Solution
These vulnerabilities should worry any product manufacturer who has not yet used Secure Boot procedures. In this process, a so-called public key is implemented in the hardware of all control units before they are delivered – in other words, part of an asymmetric encryption process. The other part, the private key, remains in a central key management system on a company-owned server or in a cloud. This private key is now used to digitally sign the firmware of the control unit, also before delivery. The code firmware flows into the signature, so that later not only the authenticity of the manufacturer can be checked, but also whether the firmware itself has been subsequently changed.
After delivery and in operational use, an attack with compromised firmware can now be ruled out. To do this, the control unit uses its public key to check the signature of the firmware that has been installed on it. Only if the check is successful, the firmware is subsequently loaded by the boot loader. Thanks to the asymmetric procedure, the signature is considered forgery-proof because the private key cannot be reconstructed. “Our strengths lie in mastering the entire chain of cryptography. Starting with the key management, the necessary application system, the component hierarchy to coordinate the authorizations, up to the actual implementation in JAVA using JCE (Java Cryptography Extension) or PKCS#11 (Publik Key Cryptography Standards),” comments Sebastian Huber, who works at Cognizant Mobility is responsible for issues relating to hardware-based security.
In A Nutshell
- Key Management
- Secure Boot
- Cloud HSM
- RSA, ECDSA
In doing so, he and his team are increasingly relying on cloud HSM. HSM stands for Hardware Security Module. A hardware component designed specifically for cryptographic operations and, compared to a software-only solution, is better and faster at generating random numbers for the digital key material and signatures. HSM via a cloud additionally guarantees high availability and makes in-house servers for key management obsolete.
The importance of hardware-based security is increasing dramatically due to highly automated driving. Manufacturers should only have to put their hand in the fire for verified firmware. With increasingly complex electronic functions and ever more sophisticated attacks, it is obvious that this is not possible without hardware-based security.
So it’s time for a quick rethink.