perimeter of a system with a hardened exterior to a zero-trust environment that secures everything inside to avoid any threats that appear in the network. It is based on a physically unclonable function (PUF), which uses part of a chip with a unique feature, such as SRAM memory. This provides a unique digital fingerprint for a device that can be used as the basis of the security, or a root of trust.

This also requires memory-safe code, recognising there could be hundreds of holes in the attack surface from vulnerabilities such as de-allocated memory and buffer overflows. This need for memory-safe code is leading to the use of new languages such as Rust, which avoid these problems, and tools to analyse existing C code for such vulnerabilities. There are now projects to use AI to convert C libraries to Rust, and with this come guidelines for its safe use.

The basic MICROSAR software, based on AUTOSAR, includes security modules that can be tailored by developers. Building a secure architecture in a vehicle requires key storage and complex cryptographic calculations in the ECUs. For this, semiconductor manufacturers integrate hardware security modules (HSM) into microcontrollers. These hardware trust anchors (HTA) serve as a trustworthy source of cryptographic calculations. In addition, moving such calculations to the HSM reduces the load on the microcontroller and frees up resources for the application.

MICROSAR firmware works with the HSM in chips from various semiconductor manufacturers. The software can be adapted to provide the following: functions for saving keys; secure boot; symmetric and asymmetric cryptographic algorithms; and basic functions that use the hardware accelerators in the chips. This can also support the updating of encryption keys. Crypto drivers support various types of hardware trust anchors, such as the Secure Hardware Extensions (SHE) and the HSM, and act as the interface between the MICROSAR stack and the HSM firmware.
This also includes the interfaces for Cryptographic Algorithms (CRYIF), Secure Onboard Communication (SecOC) and the Transport Layer Security (TLS) client for secure communications over Ethernet.

Secure memory

By separating the memory of the host and the HSM, content worth protecting remains encapsulated in the HSM and separate from the rest of the application. Cryptographic key material is introduced during production and only referenced during runtime calculations, so the keys never have to leave the HSM. This prevents keys from being read by hacker attacks.

Tech focus | Cybersecurity March/April 2025 | E-Mobility Engineering

[Figure: The AUTOSAR architecture (Image courtesy of Vector Informatik)]
[Figure: The MICROSAR architecture (Image courtesy of Vector Informatik)]
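As an added illustration of two points above, SecOC over the in-vehicle network and key material that is referenced by handle and never leaves the HSM, here is a small Python model. It is not code from Vector or the MICROSAR stack. An HSM stand-in holds keys provisioned once at production time and exposes only MAC and verify operations on an opaque handle; a sender and receiver then exchange a SecOC-style frame carrying a freshness counter and a truncated MAC, and the receiver rejects both a replayed frame and a tampered one. Assumptions, all mine: HMAC-SHA256 truncated to four bytes stands in for the CMAC of real SecOC profiles, a two-byte monotonic counter is the freshness value, and every class, field and sample value is constructed for the example.

```python
"""Added example (not Vector/MICROSAR code): HSM-held keys referenced only by
handle, used to protect and verify a SecOC-style authenticated frame."""
import hashlib
import hmac

MAC_LEN = 4   # truncated MAC length in bytes (assumption; real profiles vary)
FV_LEN = 2    # freshness value length in bytes (assumption)


class HardwareSecurityModule:
    """Stand-in for the HSM boundary: keys enter once at provisioning and are
    afterwards referenced only by an integer handle. There is no export path."""

    def __init__(self):
        self._keys = {}  # handle -> key bytes, private to the HSM

    def provision(self, key: bytes) -> int:
        """Production-time key injection; returns the handle the host will use."""
        handle = len(self._keys) + 1
        self._keys[handle] = key
        return handle

    def mac(self, handle: int, data: bytes) -> bytes:
        """Truncated HMAC-SHA256 computed inside the HSM (HMAC stands in for
        the CMAC used by AUTOSAR SecOC profiles)."""
        key = self._keys[handle]  # looked up here, never returned to the caller
        return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

    def verify(self, handle: int, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.mac(handle, data), tag)


class SecOCSender:
    """Builds frames of the form payload | freshness value | MAC."""

    def __init__(self, hsm, handle, data_id: bytes):
        self.hsm, self.handle, self.data_id = hsm, handle, data_id
        self.counter = 0

    def protect(self, payload: bytes) -> bytes:
        self.counter += 1  # monotonic counter is what defeats replay
        fv = self.counter.to_bytes(FV_LEN, "big")
        tag = self.hsm.mac(self.handle, self.data_id + payload + fv)
        return payload + fv + tag


class SecOCReceiver:
    """Checks the MAC first, then requires a freshness value newer than the
    last accepted one; state is updated only after both checks pass."""

    def __init__(self, hsm, handle, data_id: bytes):
        self.hsm, self.handle, self.data_id = hsm, handle, data_id
        self.last_counter = 0

    def check(self, frame: bytes):
        """Return (True, payload) on success or (False, reason) on rejection."""
        if len(frame) < FV_LEN + MAC_LEN:
            return False, "truncated frame"
        payload = frame[:-(FV_LEN + MAC_LEN)]
        fv = frame[-(FV_LEN + MAC_LEN):-MAC_LEN]
        tag = frame[-MAC_LEN:]
        if not self.hsm.verify(self.handle, self.data_id + payload + fv, tag):
            return False, "bad mac"
        counter = int.from_bytes(fv, "big")
        if counter <= self.last_counter:
            return False, "replay"
        self.last_counter = counter
        return True, payload


def run_demo() -> dict:
    """Constructed scenario: one genuine frame, the same frame replayed, and a
    copy with one payload bit flipped. Returns each outcome for inspection."""
    hsm = HardwareSecurityModule()
    handle = hsm.provision(bytes.fromhex("00112233445566778899aabbccddeeff"))  # constructed key
    data_id = b"\x01\x2c"  # constructed SecOC data identifier
    tx = SecOCSender(hsm, handle, data_id)
    rx = SecOCReceiver(hsm, handle, data_id)

    frame = tx.protect(b"\x10\x27\x00")  # constructed CAN-style payload
    genuine = rx.check(frame)
    replay = rx.check(frame)
    tampered = bytearray(frame)
    tampered[0] ^= 0x80
    forged = rx.check(bytes(tampered))
    return {
        "genuine": genuine,
        "replay": replay,
        "tampered": forged,
        "hsm_exposes_keys": hasattr(hsm, "export"),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The host side only ever holds the handle, so a compromised application cannot read the key it is using; and because the receiver advances its counter only after the MAC has verified, a forged or truncated frame cannot push the freshness window forward and lock out genuine traffic.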