As cybersecurity threats to controllers inside a vehicle increase, OEMs are specifying their requirements for cybersecurity function application.
To raise the cybersecurity level of the controller, application of HSM cybersecurity solution is mandatory, and stability, performance, cost, after service ease shall all be
considered for selecting the HSM cybersecurity solution.
For OEM's Cybersecurity feature requirements,
how and what solutions should we apply?
how and what solutions should we apply?
-
OEMs ask for cybersecurity solution but I don’t know what to do.
-
It’s difficult to select semiconductor chip that supports HSM.
-
The cybersecurity solution cost is a burden, and engineering support is slow.
-
Engineering support after SOP is also a burden.
Ensure reliability with the solution that has been embedded to
40+ different controllers.
40+ different controllers.
-
- FESCARO developed HSM solution
-
- A-SPICE (Automotive SW dev. process & Quality Evaluation) LV2 certified
- US government(NIST)’s crypto algorithm related FIPS 140-2 certified
- Cryptographic library (FAST™ CLIB) implemented by crypto algorithm
- Compatible to various global automotive semiconductors
(8 Manufacturers, approx. 46 models & continuous support for new chips) - Immediate response is available if new request & update after production is required
-
- Satisfy requirement of International regulation(UNR 155) &
Automotive OEM -
- Cybersecurity application (Secure Access, Secure Boot, Secure Flash, Run-time Tuning Protection, Secure Storage, Secure Unlock, Memory Protection, etc.)
- Offer solution optimized for each chip property & chip environment
- Satisfy requirement of International regulation(UNR 155) &
-
- Applied to production for ICV/BEV of
a Global Automotive OEM -
- Applied to 41 type mass produced controllers
- Reliability ensured with various references
- Applied to production for ICV/BEV of
Protect your controller with professional cryptographic algorithms
and Cybersecurity features.
and Cybersecurity features.
Algorithms
- HW Acce: Support HSM EVITA Medium/Full in MCU
- HW Acce: Support HSM EVITA Full in MCU
| Algorithms | Specification | Support |
|---|---|---|
| AES | Supported Key Sizes: 128 / 192 bit Supported Modes: ECB, CBC, CTR, GCM, XTS |
Support both SW Lib, HW Acce. |
| MAC | AES-CMAC, HMAC-SHA2 | Support both SW Lib, HW Acce. (CMAC Only) |
| Random Number Generator | NDRNG: TRNG DRBG: Hash-DRBG, HMAC-DRBG |
Support both SW Lib, HW Acce |
| Hash | SHA-256, SHA-512 | Support both SW Lib, HW Acce |
| RSA | Moduli: 1024 / 2048 bit Fast decryption with CRT Key Generation |
Support SW Lib |
| ECDSA | Moduli: 256 bit ECDSA signature generation/verification |
Support both SW Lib, HW Acce |
| Diffie-Hellman Key Agreement | dhEphem with KDF | Support SW Lib |
| PKCS#1 | OAEP / PSS / PKCS#1-V1_5 | Support SW Lib |
| Certificate | X.509 parser including a DER parser | Support SW Lib |
Use Cases
| Application | Contents |
|---|---|
| HSM Enable/Disable | Activation / De-Activation of HSM Function |
| Secure Access | Certificate based Seed & Key authentication process |
| Secure Flash | Secure firmware update by certificate based electronic-signature verification |
| Secure Boot | Minimization of boot time by HW-AES based CMAC verification |
| Secure Communication | Verification of communication message integrity through addition of MAC and counter value |
| Secure Storage | Secure storage for cryptographic key, certificate, log, and etc. |
| Run-Time Tuning Protection | Real-time search for any illegal change of operating firmware |
| Secure HSM Update | Secure HSM firmware update |
| Memory Protection | Protection for writing / reading of flash memory |
| Secure Debug | Debugging interface access control |