HSM based Electronic Controller Unit level Security Solution

Need for HSM based ECU Security techniques

Increase in network connectivity, increase in cyber hacking threats

The recent launch of connected and autonomous-driving cars has increased the connectivity of vehicles and external networks, raising the threat of cybersecurity.

Cyber hacking attacks can cause quality problems [Quality A/S problems due to illegal ECU tuning] and safety issues to passengers [risk of accidents due to vehicle random control].

Application of HSM chips to ECU, is not enough to meet the latest security requirements

The automotive industry has already recognized the need for ECU security and has come up with Hardware Security Module (HSM) as a way to increase security and reduce costs through EVITA projects. However, just applying an HSM chip to ECU is not enough to respond to the ever-evolving requirements of global OEMs.

FESCARO’s efforts for ECU Protection

ECU Firmware and Passenger Safety Protection

FAST-HSM is installed on HSM to block external manipulation through multi-layered protection techniques such as Secure Debug, Secure Access, Secure Flash, Secure Boot. In addition, it manages certificates and cryptographic keys in a secure storage inside the HSM and protects communication messages between ECUs through secure cryptographic key agreements and the implementation of Secure Communication.

FAST-HSM provides powerful security solution to protect the safety of passenger as well as ECU firmware.

Best Fit for Mass production of customer products

FESCARO engineers are former ECU developers who have expertise in ECU systems and vehicle operating mechanisms and have experience in carrying out numerous mass production projects.

FAST-HSM is designed to make ECU security easier and faster for customers to mass-produce. An optimization process for each controller characteristic is required to meet the security requirements of global OEMs. FAST-HSM offers customizing services for customers to meet their security requirements 100%.

FAST™ HSM Advantages

FAST implementation of
ECU protection techniques
for mass production is possible.

Fescaro Advanced Security Trust-anchor

High Performance

FAST speed
optimized for automotive embedded environments

  • Preemptive scheduling
  • Multi-session
  • Synchronous/non-synchronous processing
  • Streaming APIs with Start/Update/Finish

Powerful Technical Support

FAST mass production application
Quality certification & Mass production reference

  • Achieved Global A-SPICE Level 2, CMVP Certification
  • Numerous reference of applying ECU security technique to mass production
  • Integration of ECU security technique for mass production application within 1 month(*)
    (*) Schedule may vary depending on the target MCU

Easy Integration

FAST security response
by supporting team of experts dedicated exclusively for each customer

  • Has FAST HSM dedicated engineers with expertise
  • Immediately respond to new requirements
  • Immediately respond to field problems after mass production
  • Provides secure FAST™ HSM firmware update

FAST™ HSM Main Function


8 types

Supported Functions

6 types

Use Cases

10 types

FAST™ HSM, optimized for applying ECU security technology for mass production


  • RTOS optimized design
  • Provide Standard API for HSM access


  • Host: Flash(10KB), RAM(1KB)
  • HSM: Flash(144KB), RAM(40KB)




  • General road environment and harsh environmental performance tested


HW Acce: Support HSM EVITA Medium/Full in MCU

HW Acce: Support HSM EVITA Full in MCU

Algorithms Specification Support
  • Supported Key Sizes: 128 / 192 bit
  • Supported Modes: ECB, CBC, CTR, GCM, XTS
Support both SW Lib, HW Acce
MAC AES-CMAC, HMAC-SHA2 Support both SW Lib, HW Acce(CMAC Only)
Random Number Generator
  • Support both SW Lib, HW Acce
  • Support SW Lib
Hash SHA-256, SHA-512 Support both SW Lib, HW Acce
  • Moduli: 1024 / 2048 bit
  • Fast decryption with CRT
  • Key Generation
Support SW Lib
  • Moduli: 256 bit
  • ECDSA signature generation/verification
Support both SW Lib, HW Acce
Diffie-Hellman Key Agreement dhEphem with KDF Support SW Lib
PKCS#1 OAEP / PSS / PKCS#1-V1_5 Support SW Lib
Certificate X.509 parser including a DER parser Support SW Lib

Supported Functions

Supported functions Explanation Task
Multi-Session Enable efficient parallel processing by supporting multi-session Enhanced performance compared to single session
Synch/Async Processing Support both sync/async processing Eliminate unnecessary latency
Preemptive Scheduling Ensuring priority-based task scheduling Priority allocation of each task
Secure HSM Update Secure update of HSM firmware itself Continuous security and performance enhancement
Streaming API Addition of dynamic data using Start / Update / Finish API Dynamic addition of new data
Fail-Safe Continuous monitoring to detect exceptional situations and restore memories Flash memory failure restoration

Use Cases

Application Contents
HSM Enable/Disable Activation / De-Activation of HSM Function
Secure Access Certificate based Seed & Key authentication process
Secure Flash Secure firmware update by certificate based electronic-signature verification
Secure Boot Minimization of boot time by HW-AES based CMAC verification
Secure Communication Verification of communication message integrity through addition of MAC and counter value
Secure Storage Secure storage for cryptographic key, certificate, log, and etc.
Run-Time Tuning Protection Real-time search for any illegal change of operating firmware
Secure HSM Update Secure HSM firmware update
Memory Protection Protection for writing / reading of flash memory
Secure Debug Debugging interface access control


If you have any questions regarding our product, please fill out the form below, so we can provide quick and efficient service. For urgent matters, please contact Customer Support.


FESCARO collect the following personal information for receiving and answering customer inquiries.

  • Objectives: To receive and answer customer inquires
  • Subjects: name, job title, department, company name, and contact information(cell phone number or company phone number, and email address)
  • Period of use and retention of personal information: 1 year from the collected date
  • *Note that you may not grant your consent to FESCARO to collect and use your personal information. However, if you do not agree to the disclosure of your personal information, you would be disadvantaged for service we provide.