Hardware Based Security – Why Cryptography Cannot Be the Savior

Of course: modern encryption methods help, well, to be secure. The problem, however, is that cryptography works with keys – strong algorithms, such as Elliptic Curve Cryptography (EEC), make life difficult for attackers and sometimes make the profession impossible. However, keys are usually embedded in the software. Once the system is compromised, so is the key, and so is the encrypted data.

This is where hardware-based security finally comes into play: Instead of managing the key material in the software, it is stored in a hardware security module (HSM) that is specially protected against external access. HSMs are always needed where increased protection is required. This can be the case anywhere in a company’s application landscape, from sales to product data management.

All too often, however, there are no security experts in these very departments. Which connector belongs where, which pin, which software, which ECU, to stay explicitly in the automotive environment?

Why Cognizant Mobility is the right partner in the area of hardware-based security

Cognizant Mobility has been active in the field of hardware-based security since 2016 and is one of the absolute preferred partners in this area, having already won several tenders with well-known manufacturers, such as the work on BMW’s automotive security backend center. This was achieved thanks to a high level of expertise – and an awareness of the niche in the field of hardware-based security. Pen testing can also be done by others – but Mobility knows how to use algorithms correctly and integrates them in such a way that a secure application can result.

Of course, development does not stand still either. In order to make applications secure for the threats of tomorrow, novel algorithms developed at universities (e.g., post-quantum cryptography) are already being taken into account in application development today, for example, to be able to secure new generations of control units.

Let’s be clear about this: in conjunction with safety , the topic of functional safety, also a core competency of Cognizant Mobility, an important – a good keyword for automotive manufacturers here would be chip tuning: new software has to be installed, that’s unavoidable, but of course this should only be possible for the car manufacturer. Thanks to hardware-based security, it is possible to “sign” the software exclusively with a special key. The control unit checks this key and only if it knows it and the signature is valid, the software is uploaded. A process that also plays an important role in Robotic Process Automation. Updating and further developing existing applications and integrating new algorithms and HSMs is one of the main tasks of Hardware Based Security, which Cognizant Mobility has been performing since 2016 – successfully, as evidenced by recent and successfully won tenders for large and well-known manufacturers.

Hardware Based Security in the Cloud – Cryptography of the Modern Age

Don’t worry – we are by no means planning to cryptograph the modern age. But your data. And where hardware-based security previously took place “on premise”, i.e. self-hosted, on its own servers in the data center, Cognizant Mobility is currently in the process of moving these applications to the AWS Cloud (Amazon Web Services). Sure – this process is complicated, because the previous process in hardware-based security has been proven for a long time, which is why large manufacturers such as BMW continue to rely on it, but this involves a lot of effort for setup and maintenance. In return, AWS offers managed hardware support for cryptography, specifically called the Cloud HSM Hardware Security Module. Even if this currently only masters a small part of the algorithms used, its appeal lies in the simple setup and integration, bundled with the advantages of the cloud such as availability and speed. While novel post-quantum algorithms are not currently available in the cloud, most standard algorithms are available, and the bulk of requests can be easily processed.

Dreams of the future: What possibilities does hardware-based security offer?

Secure boot in particular is an issue that Mobility always keeps an eye on. As in the BIOS of a normal computer, Secure Boot has a fuse that itself detects changes in the boot loader, for example triggered by a virus, and prevents the operating system from booting. Secure Boot works on the same principle for the control unit, which is cast into the hardware. The ECU checks the cryptographic signature of the boot loader, which in turn checks all subsequent boot days until the ECU software has started. And that is extremely important – so unauthorized access and manipulation are detected – and averted.

Cognizant Mobility, with its experts around Sebastian Huber, has been researching these processes from the very beginning and is therefore one of the most experienced providers on the automotive market in terms of solutions, development and maintenance in the area of hardware-based security. This is how we succeed in promising – and delivering – a secure tomorrow for your applications, too. Solutions on site, made in Germany, in Isar Valley: This is how security works. Hardware-based, future-oriented, secure. For sure.