The crypto challenge of software-defined vehicles

By Nick Flaherty

Guillaume Forget at Cryptomathic in Denmark talks to Nick Flaherty about the challenges of cryptographic protection of software-defined vehicles

The automotive industry is running hard to develop software-defined vehicles that can be easily and securely upgraded with new features, but faces major challenges with managing hundreds of millions of cryptographic keys and certificates using a wide range of algorithms.

Software-defined vehicle technology has been in development over the last few years with a major focus on the cloud. This was one of the major drivers of the European GAIA-X project to develop a sovereign hyperscaler infrastructure rather than having to rely on US suppliers such as Amazon, Microsoft or Google.

How to protect systems with evolving cryptographic algorithms, including post-quantum cryptography, and evolving cloud infrastructure is something that Cryptomathic in Denmark has been doing for twenty years. Its experience ranges from secure payment cards with chips from Infineon to the emerging European secure wallet technology that is set to be launched at the end of this year.

This is an issue not just for the software in vehicles but for the communications between vehicles and to infrastructure, particularly smart chargers. It has also resulted in a major push for security certification in the US.

“From the security side we are involved with a large automotive manufacturers and we see when it comes to key management that allows firmware to be signed where do the keys sit?” says Guillaume Forget, executive vice president (EVP) for the product lines at Cryptomathic, who sits on the executive committee of the Cloud Signing Consortium.

“They want to ensure that the application that invoked the service can be in the cloud but the crypto engine they want under their control, even on premise, but we see a shift with hybrid deployments with some elements in the cloud.”

Cryptomathic developed a secure hardware module that sits in the cloud or on a customer's premises with all the software to manage billions of certificates and keys securely.

“You have a root of trust, usually set up in the factory, then you add components on top for V2V (vehicle to vehicle) and V2I (vehicle to infrastructure). The tendency we see is that the connectivity is fairly recent. The firmware that is being signed will remain but the additional components will be served through the hyperscalers. For example if you want to charge your battery through the grid, the connectivity will become a very important factor and of national if not European importance and the security will become a matter of national concern.”

“You need to sign code, you need to provision keys and certificates, and this is in the hundreds of millions for large automotive manufacturers,” he said. “We professionalise this, ensuring that the keys are kept in hardware. We provide the software stack on top of the random number generator (RNG) in the chips or the module, but managing these hardware security modules (HSMs) and managing a security enclave in the cloud is a challenge for developers, and we allow the organisation to manage the algorithms to provide crypto agility.”

“We have two decades' experience in doing this with Infineon and we have generated 10bn certificates on our systems,” he points out. “With vehicles out in the field you need crypto agility for different vehicles and be able to apply new crypto algorithms.”

This includes the ability to use the latest post-quantum cryptography (PQC) algorithms recently selected by NIST in the US.

“Ten years ago we developed our Crypto Service Gateway, and even then with the RSA algorithm, you had people that wanted other types of crypto, so we delivered that on a large scale to banking. To us the move to PQC with new algorithms is another justification for us. The secure implementation needs to be done in hardware, with the enclave security module where we can put any algorithm in the cloud, even something that has been developed in-house.”

IoT cryptography

He sees the security requirements from banking moving into industrial applications, but this brings significant challenges.

“We have other industries such as IoT and automotive that are becoming more regulated because of the connectivity and the systems that they operate in, and this means the attack surface is significantly larger so threat management and the crypto solution needs to change.”

“One of the challenges we see across the different industries is who defines the standards and who is liable in the event of a security breach, as that requires a good understanding of how the ecosystem operates and regulators have their own view for their own industry. We are agnostic on the security side and see the different trends across all these different ecosystems.”

“NIST looks at the different initiatives across the different areas, but who is actually looking at enforcing rules that are valid across markets and regions? There is no body that is responsible for that,” he said.

This is where he sees a shift in the focus for GAIA-X. “I think GAIA-X is now more about an interoperability protocol for exchanging data than a sovereign hyperscaler,” he said.

One automotive project in GAIA-X called moveID is using peer-to-peer links and blockchain security to secure its data in software-defined vehicles.

“We need dialogue but if you want to preserve sovereignty in Europe you need to make sure the ecosystem has clear and defined boundaries so that each operator can master its own root of trust, but when it comes to holding the secret you want to be mastering your value chain and this includes the root of trust,” he said. “For example you would not want to rely on the GSMA for your root of trust on an eSIM, it needs to be independent.”

www.cryptomathic.com
