[Introduction]The rapid development of the Internet of Things brings new possibilities and changes the way people live, work and play. As the Internet of Things connects the world more closely, the risks brought by hackers and other security breaches also keep proliferating. Nowadays, people have fully realized the importance of protecting the security of daily networked devices, and attach great importance to the information security of their mobile phones and computers.
The rapid development of the Internet of Things brings new possibilities and changes the way people live, work and play. As the Internet of Things connects the world more closely, the risks posed by hackers and other security breaches continue to proliferate. Nowadays, people have fully realized the importance of protecting the security of daily networked devices, and attach great importance to the information security of their mobile phones and computers. However, the security of the Internet of Vehicles is still often overlooked. In fact, the security vulnerabilities of ICVs have become an urgent problem to be solved in recent years.
Even as one of the most advanced smart cars on the market, the Tesla Model 3 is not immune to the security threats posed by networking. Back in March 2019, hackers targeted Tesla’s in-vehicle infotainment system, exploiting a JIT vulnerability in the renderer to take control of the system. Although the attack was a pre-authorized exercise that did not pose a risk to car owners, it exposed security vulnerabilities in the car’s Electronic systems. This weakness must be addressed if cars are to become smarter and connected to the world’s growing IoT infrastructure.
Automotive applications in the new era promote higher standards of information security and safety of people and vehicles
With the boom of smart cars, today’s cars are equipped with more and more advanced electronic functions, including advanced driver assistance systems (ADAS), gateways, powertrains, infotainment systems, V2V and V2X, etc. These new functions have extremely high requirements on the security of networked information and the safety of people and vehicles. As a key component of these systems, flash memory has become the focus of its security.
After decades of application development, flash memory has been widely used in the automotive electronics market. However, currently the most widely used embedded flash memory solutions are mainly based on traditional technologies and architectures, and there is no proper certification to ensure its security and protection functions, so its potential huge security risks cannot be ignored.
In the automotive system, the safety of people and vehicles is the most basic requirement that the system must have under the tolerable risk level stipulated by the ISO 26262 standard. In the past, these risks were mainly the responsibility of automakers and subsystem suppliers, but with the increasing complexity of automotive electronic products, IC manufacturers also play an important role in the protection of functional safety. Requirements, including the protection of key Flash security of code and data.
The information security of automotive electronic systems is essentially to hide information and encrypt all data to prevent hackers from stealing vehicle and owner information through complex mechanisms such as side channels. Therefore, the data stored in the flash array must be mixed with encryption, and the communication channel must also be highly encrypted. The safety of people and vehicles in automotive electronic systems is reflected in the establishment of complete observability, error detection and maximum information transparency. In addition to the data stored in the flash memory that needs to be verified, the flash memory itself should also have high quality with a defect rate approaching 0 DPPM. In addition, defect analysis must be used to improve quality and detect root causes of failures.
Problems that automakers cannot avoid
Manufacturers of automobiles and automotive electronic systems must think about the tough issues ahead of time, rather than review them after a security breach. Automakers can choose the type of flash memory technology they want to use, and that choice will play a key role when consumers hit the road—whether they keep their cars safe or expose them to danger. So, before you decide to trust and use a flash memory product to keep your product safe, consider the following:
● Has the flash memory technology passed the CC EAL5+ certification? What level does it belong to?
Security solutions that are not internationally certified are not truly secure and trustworthy. CC EAL5+ certification means that flash memory meets the highest security requirements for any automotive application, including V2V and V2X. At this highest level of protection, the architecture can detect even the tiniest unauthorized changes in the data and report it to the host immediately, and this reporting mechanism cannot be blocked. Whether due to malicious attack or system failure, the data it stores is protected from any unauthorized modification. In addition, the flash array should be additionally protected by CRC detection codes, and the flash logic should also contain sophisticated logic to detect any abnormal conditions. At the same time, the SPI interface protocol also adds a layer of encryption and error detection functions to ensure security and avoid errors.
● Is the manufacturer of your flash memory solution ISO 26262 certified for security?
The ISO 26262 “Functional Safety of Road Vehicles” international standard released in 2011 is an important certification indicator to verify whether automotive electronics suppliers meet the requirements of ASIL (automotive Safety Integrity Level). ISO 26262 automotive safety certification includes functional safety for the entire automotive product life cycle, from the concept stage to the management of complete systems, hardware and software design and validation, manufacturing, use, maintenance and decommissioning services. ISO 26262 ASIL-D certification represents the highest level of risk management, and electronic components or systems using this level of products also meet the most stringent international safety requirements. The automotive flash memory devices used to store key functional codes for vehicles should also meet such high-level security requirements, and reduce vehicle security risks by providing a highly reliable code storage method.
● Is your security solution scalable and programmable? How is the root of trust enforced? Does your security solution support Platform Resiliency?
It is important that the security solution supports platform firmware protection and recovery capabilities so that it can evolve and adapt over time to protect the system from damage. For MCUs and SoCs using traditional ROM (Read-only Memory) or embedded flash memory (Embedded Flash), their security and protection must be implemented through software, and the root of trust code is stored in ROM, making these systems neither suitable for future security Attacks do protection upgrades and do not have system resilience. In contrast, today’s newer programmable-design secure flash solutions, whose security is implemented in both software and hardware, allow the root of trust to be continuously updated and upgraded to address the ever-expanding threat landscape, and provide platform firmware protection and restore function.
Combining all the above reasons, the new generation of flash memory solutions are obviously more secure in automotive systems, which enable code and data to be transmitted between the secure area and the SoC or MCU through an encrypted SPI standard interface. In the near future, cyber-attacks will become common and sophisticated, and regulations will become more stringent, and in order to comply with various automotive safety guidelines and standards, more secure flash memory solutions will become indispensable.
The development trend of future cars
From the body to the powertrain to the infotainment system, electronics play a vital role in every part of today’s cars. With the ever-increasing demands of consumers for safety, information security, infotainment, comfort and convenience, and fuel prices, future cars will be equipped with more electronic components. Whether the security requirements of core technologies in the automotive field such as flash memory can reach the highest level of security protection will also become the focus of everyone’s attention. Moreover, with the rapid development of technology, the security threats brought by hackers are becoming more and more complex, and semiconductor manufacturers are accelerating their pace to develop more advanced and effective solutions to defend against attacks. In the future, car security will definitely not be the part people want to save money on in their cars.