What Is a Car MCU

16 March 2016, 8:45
Automotive advanced driver assistance systems (ADAS) cover anti-lock brakes (ABS), airbags, brake control, steering control, engine control, cruise control, start-stop, automatic parking, integrated navigation (GPS and Galileo), and more. As these systems were introduced, the automotive ecosystem became more interconnected and more complex. At the same time, automotive electronics also took over many everyday features such as light control, air conditioning, power windows, engine start, door opening, adjustable and heated seats, and so on.
In general, each function of the car is managed by a networked microcontroller (MCU). These MCUs exchange data and information over shared communication buses: CAN, FlexRay or LIN for powertrain, chassis and body electronics functions, and the MOST fiber-optic network and Ethernet for the infotainment system.
The move from a purely mechanical environment to a complex electronic one adds a lot of value in terms of active and passive safety as well as driver and passenger comfort. At the same time, because these engine control units (ECUs) are all interconnected, it raises significant concerns about security, privacy and data reliability. For example, when the CAN bus was designed decades ago, a high degree of security was not a requirement. In fact, a message on the car's internal CAN bus is sent to every other part of the system, and the bus does not support any authorization, identification or encryption protocols. Modern cars use the CAN bus to exchange the data used to open the doors and start the engine; this information is exchanged between the ECU inside the vehicle and the electronic key. If the system is compromised, thieves can easily steal the car, and "hackers" can also access the car's GPS to see where it goes and to ascertain where and when the car is left unattended.
In addition, Bluetooth, GPRS or UMTS, used to implement e-mail, SMS, video streaming, video calls and other mobile Internet functions, have also expanded the attack surface available to "hackers". They can remotely access and intrude on any communication and driving system, or insert malicious software to steal all kinds of data, such as the car's real-time location, frequently used routes and complete conversations.
Automotive hardware security architecture
As the name suggests, an "open system" is exposed, and the ways in which various types of attacks can be carried out against it are increasing. With the continuous development of in-vehicle and external communication networks, automotive electronics are rapidly being challenged on their own security capabilities.
So far, because of the inherent weaknesses of CAN, the most commonly used bus, the "attack surface" has been studied from the perspective of software applications. But now the industry has begun to turn its attention to the hardware architecture, and to how to "seal" the ECU so that it is difficult to penetrate and resists illegal manipulation, such as unauthorized installation, malware, "Trojan horse" software and fake upgrades, or at least to limit illegal access and leave conclusive evidence of tampering.
Because of this, silicon device manufacturers and leading automotive OEMs have worked together to develop a new generation of security capabilities for automotive MCUs. Such quad-core microcontrollers use a special security core, the HSM (Hardware Security Module), to provide security and protection. The HSM covers internal system security configuration, security start and end, external access protection, flash protection, encryption, life-cycle protection, and so on.
Figure 1: HSM (Hardware Security Module) embedded inside the ECU
As shown in Figure 2, the HSM module is embedded in the ECU and is completely independent of the rest of the device: its memory and peripheral access is separate, and the flash sectors holding its core's data and code are dedicated, reserved and strictly access-limited.
Figure 2: five different stages of security feature configuration
Configure system security
System security configuration is the first step in protecting sensitive data at the hardware level. The initial configuration is fully controlled during the power-on reset stage, to prevent unauthorized access and unauthorized tampering.
Using the device configuration format (DCF), silicon device manufacturers and software developers can store all of the initial configuration. During start-up, the special memory addresses that hold the DCF records are tested with ECC (error correcting code) and checked for user errors and parity errors.
During the reset phase, several security features are checked in a series of incremental steps. Because these cross-checks are controlled by a few parameters, they can block a variety of attempts to modify the special memory addresses, or malicious attempts to forcibly change the start-up sequence so that new firmware is loaded.
The device's states are predefined by a rule-based architecture. Several levels of security are provided by design, so that software developers keep a high degree of freedom in the final implementation of their applications. In fact, some low-level software is often handed to third-party developers, and incremental, irreversible protection is designed and implemented to meet the requirements raised by the different developers. In addition, most security mechanisms are activated according to the device life cycle (DLC). Silicon device manufacturers and software developers can build up five increasing, irreversible configurations as countermeasures against intrusion and manipulation attacks.
At each stage, the level of security is increased and cannot be revoked. The second stage, customer delivery, has very limited security mechanisms so as to give the software development phase the greatest degree of freedom; by the in-field stage, the full set of security features is complete.
Typically, in the transition from the production stage to the JDP customer delivery stage, the device passes from the original equipment manufacturer to the first software developer, who integrates the MCU into a more complex system. In the transition from the customer delivery stage to the OEM production stage, third parties usually develop the final software applications for the device and need to protect their intellectual property. Finally, when the device reaches the in-field stage, a series of irrevocable control and protective measures must be applied to the end application embedded in the car, to meet the requirements of OEMs, system developers and car manufacturers. "Fault" is the final stage: it is used to test devices that are returned to the factory, and in the process some of the relevant security features are disabled, so that the MCU tests do not fail because of the life-cycle protection.
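The one-way device life cycle described above can be modelled as follows. This is an added example, not code from the article or from any MCU vendor: the stage names follow the text, while the thermometer-coded one-time-programmable word, the function names and the debug-port policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stage names follow the article; the numeric encoding is an assumption. */
typedef enum { DLC_PRODUCTION, DLC_CUSTOMER_DELIVERY, DLC_OEM_PRODUCTION,
               DLC_IN_FIELD, DLC_FAILURE_ANALYSIS, DLC_COUNT } dlc_stage_t;

/* Simulated one-time-programmable word: bits can be set but never cleared.
   Stage n is stored as the n lowest bits set (thermometer code). */
static uint8_t otp_word = 0;
static void otp_program(uint8_t bits) { otp_word |= bits; }

/* Decode the stage. Any other bit pattern means corruption or tampering. */
bool dlc_read(dlc_stage_t *out) {
    for (int n = 0; n < DLC_COUNT; n++) {
        if (otp_word == (uint8_t)((1u << n) - 1u)) {
            *out = (dlc_stage_t)n;
            return true;
        }
    }
    return false;
}

/* Move to a later stage only; the same or an earlier stage is rejected. */
bool dlc_advance(dlc_stage_t target) {
    dlc_stage_t cur;
    if (!dlc_read(&cur) || target >= DLC_COUNT || target <= cur)
        return false;
    otp_program((uint8_t)((1u << target) - 1u));
    return true;
}

/* Hypothetical policy: debug access stays open while software is being
   developed, is closed in the field, and is reopened for failure analysis.
   An unreadable life-cycle word fails closed. */
bool debug_port_open(void) {
    dlc_stage_t s;
    return dlc_read(&s) && s != DLC_IN_FIELD;
}

int main(void) {
    dlc_advance(DLC_IN_FIELD);
    printf("in field, debug open: %d\n", debug_port_open());
    printf("rollback accepted: %d\n", dlc_advance(DLC_CUSTOMER_DELIVERY));
    return 0;
}
```

Because the stored word only ever gains bits, a rollback request cannot be expressed in storage at all, and a pattern that is not a valid stage is treated as tampering rather than decoded leniently.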