FAST™ HSM
HSM based Electronic Controller Unit level Security Solution
Need for HSM based ECU Security techniques
Increase in network connectivity, increase in cyber hacking threats
The recent launch of connected and autonomous-driving cars has increased the connectivity of vehicles and external networks, raising the threat of cybersecurity.
Cyber hacking attacks can cause quality problems [Quality A/S problems due to illegal ECU tuning] and safety issues to passengers [risk of accidents due to vehicle random control].
Application of HSM chips to ECU, is not enough to meet the latest security requirements
The automotive industry has already recognized the need for ECU security and has come up with Hardware Security Module (HSM) as a way to increase security and reduce costs through EVITA projects. However, just applying an HSM chip to ECU is not enough to respond to the ever-evolving requirements of global OEMs.
FESCARO’s efforts for ECU Protection
ECU Firmware and Passenger Safety Protection
FAST-HSM is installed on HSM to block external manipulation through multi-layered protection techniques such as Secure Debug, Secure Access, Secure Flash, Secure Boot. In addition, it manages certificates and cryptographic keys in a secure storage inside the HSM and protects communication messages between ECUs through secure cryptographic key agreements and the implementation of Secure Communication.
FAST-HSM provides powerful security solution to protect the safety of passenger as well as ECU firmware.
Best Fit for Mass production of customer products
FESCARO engineers are former ECU developers who have expertise in ECU systems and vehicle operating mechanisms and have experience in carrying out numerous mass production projects.
FAST-HSM is designed to make ECU security easier and faster for customers to mass-produce. An optimization process for each controller characteristic is required to meet the security requirements of global OEMs. FAST-HSM offers customizing services for customers to meet their security requirements 100%.
FAST™ HSM Advantages
With FAST™ HSM,
FAST implementation of
ECU protection techniques
for mass
production is possible.
Fescaro Advanced Security Trust-anchor
High Performance
FAST speed
optimized for automotive embedded environments
- Preemptive scheduling
- Multi-session
- Synchronous/non-synchronous processing
- Streaming APIs with Start/Update/Finish
Powerful Technical Support
FAST mass production application
Quality certification & Mass
production reference
- Achieved Global A-SPICE Level 2, CMVP Certification
- Numerous reference of applying ECU security technique to mass production
- Integration of ECU security technique for mass production application within 1 month(*)
(*) Schedule may vary depending on the target MCU
Easy Integration
FAST security response
by supporting team of experts dedicated
exclusively for each customer
- Has FAST HSM dedicated engineers with expertise
- Immediately respond to new requirements
- Immediately respond to field problems after mass production
- Provides secure FAST™ HSM firmware update
FAST™ HSM Main Function
Algorithms
8 types
Supported Functions
6 types
Use Cases
10 types
FAST™ HSM, optimized for applying ECU security technology for mass production
General
Feature
- RTOS optimized design
- Provide Standard API for HSM access
Minimal
Resource
- Host: Flash(10KB), RAM(1KB)
- HSM: Flash(144KB), RAM(40KB)
Standard
Compliance
- SHE, EVITA,
- AUTOSAR(CSM, SecOC)
Stable
Performance
- General road environment and harsh environmental performance tested
Algorithms
HW Acce: Support HSM EVITA Medium/Full in MCU
HW Acce: Support HSM EVITA Full in MCU
| Algorithms | Specification | Support |
|---|---|---|
| AES |
|
Support both SW Lib, HW Acce |
| MAC | AES-CMAC, HMAC-SHA2 | Support both SW Lib, HW Acce(CMAC Only) |
| Random Number Generator |
|
|
| Hash | SHA-256, SHA-512 | Support both SW Lib, HW Acce |
| RSA |
|
Support SW Lib |
| ECDSA |
|
Support both SW Lib, HW Acce |
| Diffie-Hellman Key Agreement | dhEphem with KDF | Support SW Lib |
| PKCS#1 | OAEP / PSS / PKCS#1-V1_5 | Support SW Lib |
| Certificate | X.509 parser including a DER parser | Support SW Lib |
Supported Functions
| Supported functions | Explanation | Task |
|---|---|---|
| Multi-Session | Enable efficient parallel processing by supporting multi-session | Enhanced performance compared to single session |
| Synch/Async Processing | Support both sync/async processing | Eliminate unnecessary latency |
| Preemptive Scheduling | Ensuring priority-based task scheduling | Priority allocation of each task |
| Secure HSM Update | Secure update of HSM firmware itself | Continuous security and performance enhancement |
| Streaming API | Addition of dynamic data using Start / Update / Finish API | Dynamic addition of new data |
| Fail-Safe | Continuous monitoring to detect exceptional situations and restore memories | Flash memory failure restoration |
Use Cases
| Application | Contents |
|---|---|
| HSM Enable/Disable | Activation / De-Activation of HSM Function |
| Secure Access | Certificate based Seed & Key authentication process |
| Secure Flash | Secure firmware update by certificate based electronic-signature verification |
| Secure Boot | Minimization of boot time by HW-AES based CMAC verification |
| Secure Communication | Verification of communication message integrity through addition of MAC and counter value |
| Secure Storage | Secure storage for cryptographic key, certificate, log, and etc. |
| Run-Time Tuning Protection | Real-time search for any illegal change of operating firmware |
| Secure HSM Update | Secure HSM firmware update |
| Memory Protection | Protection for writing / reading of flash memory |
| Secure Debug | Debugging interface access control |