Modern cars contain dozens of computerized modules executing billions of instructions every second. These modules perform diverse tasks, from monitoring tire pressure, controlling suspension and steering, and applying and monitoring brakes, to advanced driver assistance, navigation and entertainment systems.
Network connectivity in modern cars is now ubiquitous, linking the multitude of car subsystems that perform remote diagnostics, connect to traffic networks, allow media streaming and navigation, and give the car vendor access for routine software updates. This connectivity can be wide area (WAN) or local, within the car or in its proximity. The car owner is rarely aware of this high level of connectivity, or of the possibility that an attacker gains access to the many connected systems from afar. Physical access to a module or car can be assumed during the vulnerability discovery phase, but the actual attack is often mounted from a remote location.
Network connectivity opens cars up to a multitude of cyber threats, allowing attackers to penetrate car systems, execute malicious code and place vehicle users and pedestrians at risk of severe injury. Theft of data can jeopardise the car owner, the manufacturer and the infrastructure.
ISO/SAE 21434 specifies the requirements for making a car system more robust against cyber-attacks. It outlines the criteria for the concept, development, production, usage and decommissioning phases of automotive systems. The requirements of ISO 21434 apply to systems, subsystems and components whose development started after the publication of the standard in August 2021.
ISO 21434 has been made mandatory by many car makers and their component suppliers, starting from mid-2022. As a result, the automotive industry is now required to significantly improve how cyber threats are managed. Because the standard applies to both the modules and their components, the automotive industry must adopt devices capable of meeting it and of providing the required protection against cyber threats.
One of the critical components of the electronic modules in car systems is the non-volatile memory, namely the Flash device. This device holds the entire code of the microcomputer and most of the security-critical data, such as IDs, security keys and user data. The Flash thus becomes the target of attackers, who will try to extract information from it and modify its content in order to alter the code, erase keys, overwrite keys with a known default value, or modify user data and the system ID. Such attacks have dangerous consequences ranging from car immobilisation and car theft to loss of control during high-speed cruising, or even taking down complete infrastructures by executing Distributed Denial of Service (DDoS) attacks.
Most of the effort in handling cyber-attacks goes into preventing unauthorised access to and modification of the Flash content while still allowing that content to be updated, usually through a remote Over-the-Air (OTA) update mechanism. All the protection, access and update mechanisms must work coherently to maintain system security. However, in most cases this is an unrealistic goal. To make matters even more complex, the sheer effort of obtaining ISO 21434 certification for such complex and multi-layered software can be overwhelming.
ISO 21434 mandates software updates as a reaction to identified security vulnerabilities. These updates are urgent and cannot rely solely on shop recalls; they must be pushed directly to the cars via OTA. Such updates will become very frequent and depend on a secure mechanism to carry them out.
The certified secure Flash device family from Winbond was designed from the outset to simplify the process of taking standard systems and adding security in a practical and transparent way. The drop-in replacement secure Flash can raise the security level of any existing or new design with minimal or no change to the system software. The hardware-based design of the secure Flash guarantees that it cannot be modified or hacked. The secure Flash devices from Winbond are fully certified to the most stringent security standards, including CC EAL5+, EAL2+ and ISO 21434. Winbond facilities are certified for secure product development and production at the highest security level.
The secure Flash handles operations such as:
- Root of Trust
- Boot security with automatic fall-back code remapping
- Roll-back protected end-to-end secure and encrypted firmware update with built-in fail-safe
- Section-based cryptographic write protection
- Per section access control including encrypted read and write
- Secure, encrypted storage
- Data signing mechanism using on-chip keys that are not user-accessible
- Monotonic counters
- Secure watchdog
When used according to Winbond's guidelines, these operations prevent malicious attacks on the system and make it resilient to errors and faults. The secure Flash operations are implemented in hardware, and Winbond supplies an open-source support library for quick and straightforward integration.
With the above operations in place, the microcomputer operation in submodules is made secure and compliant with ISO 21434 requirements, preventing malicious attacks from compromising subsystems in the car.
Winbond is the only vendor of security-certified Flash devices. Its secure Flash products for automotive are also ISO 26262 safety certified, offering automotive-grade quality assurance.
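As an added illustration of how three of the listed operations fit together (roll-back protected update, monotonic counter, and fall-back code remapping at boot), the following is a constructed software model written for this article, not Winbond's library or API. It assumes a device-side signing key that application code can never read and a counter that only ever increments; a real secure Flash enforces both in hardware.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed model (not Winbond's API). DEVICE_KEY stands in for an on-chip
# key that is not user-accessible; SecureFlash.counter for a hardware
# monotonic counter that can only move forward.
DEVICE_KEY = b"constructed-device-key-placeholder"


@dataclass
class Image:
    version: int
    payload: bytes
    tag: bytes


@dataclass
class SecureFlash:
    active: Image      # image the module boots from
    fallback: Image    # last known-good image, used for fall-back remapping
    counter: int       # monotonic counter: records the highest accepted version


def sign(version: int, payload: bytes) -> bytes:
    """Tag over version || payload, so the version field cannot be swapped."""
    msg = version.to_bytes(4, "big") + payload
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()


def valid(img: Image) -> bool:
    return hmac.compare_digest(img.tag, sign(img.version, img.payload))


def apply_update(flash: SecureFlash, img: Image) -> str:
    """Accept an OTA image only if it is authentic and newer than the counter."""
    if not valid(img):
        return "rejected: bad signature"
    if img.version <= flash.counter:
        return "rejected: rollback"          # older or replayed image
    flash.fallback = flash.active            # keep a known-good image first
    flash.active = img
    flash.counter = img.version              # counter only ever increases
    return "accepted"


def boot(flash: SecureFlash) -> Image:
    """Boot the active image; remap to the fallback if it fails verification."""
    if valid(flash.active):
        return flash.active
    if valid(flash.fallback):
        return flash.fallback
    raise RuntimeError("no verifiable image: halt rather than run unknown code")
```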