The evolution of automobiles to software-defined vehicles has entailed the deployment of semiconductors which enable some of the most complex electronics seen today. In the past, vehicle electronics implemented flat architectures with isolated functions controlling various components of the power train and vehicle dynamics. These electronic systems communicated primarily through legacy bus interconnect protocols, like controller area network (CAN) and media-oriented systems transport (MOST) technologies.
With the drive of Advanced Driver Assistance Systems (ADAS) toward high or complete autonomy (Level 4 and Level 5), a massive restructuring of the traditional automotive architecture is in full swing. This "software-defined" vehicle employs new technologies such as lidar (light detection and ranging), radar and camera sensor arrays, automotive Ethernet, Vehicle-to-Everything (V2X) connectivity, automotive (AI/ML inference) processors and more. These next-generation electronic systems of the software-defined vehicle rely on key hardware IP solutions.
Hardware IP for Automotive Security
Electronic systems exist for powertrain and vehicle dynamics, ADAS and automated driving, connectivity, infotainment, and in-vehicle experience. Often at the heart of these electronic systems is a complex, multi-island IC containing multi-core processing, dedicated AI/ML learning engines, and mixed-signal processing. Whether it's a complex system on chip (SoC) or a mixed-signal IC sitting at a sensor edge, security and safety are essential. IC suppliers must build in the necessary safety and security measures to ensure high quality and reliability throughout the operational life of the product.
The introduction of features like remote updating, remote monitoring, vehicle-to-vehicle, and vehicle-to-grid communications has led to an increased focus on securing vehicle systems. The advancements in vehicle electronic systems have unfortunately resulted in an expanding attack surface for adversaries to exploit. In commercial or industrial applications, security is focused on providing trust, protecting assets, and protecting identities. In automotive, these focus areas remain, but another dimension is added, as the lack of security has the potential to directly impact safety measures implemented in a vehicle.
Therefore, in the design of vehicle electronics, safety and security aspects are interrelated and co-dependent. The lack of a robust safety architecture can not only cause a design to malfunction, but failures can also open up new security penetration points in the ICs, systems, and the vehicle as a whole. On the flip side, an incomplete security architecture may be used by adversaries to circumvent or disable safety features, making the vehicle vulnerable to run-time failures.
Automotive security has become a key focus area over the past decade as vehicles and their electronic systems have grown in complexity. As a result, several initiatives have been launched to provide a formal framework and approach for vehicle security. As is often the case with security, there are multiple dimensions to the problem. Multiple types of threat models must be considered when analyzing vehicle security, and multiple threat vectors exist for each model, as illustrated in the table below. The table articulates mitigation techniques for a threat model and associated threat vectors as well as the applicable security standards.
Automotive IC safety is achieved through compliance with ISO 26262, considered the state-of-the-art standard guiding the development of electronics and electronic systems within vehicles. Part 5 of the standard details the requirements and work products for development at the hardware level. This includes, but is not limited to, guidance on requirement specification, analysis, design, and verification of the hardware design. The release of the second edition included Part 11, which offers specific guidance for semiconductor companies developing digital and analog integrated circuits.
Rambus offers embedded Hardware Security Modules (HSM) as silicon IP solutions that meet both safety and security requirements for automotive semiconductor vendors. The RT-640 (ISO 26262 ASIL-B certified) and RT-645 (ASIL-D ready) Embedded HSMs are silicon IP cores that support any automotive-grade CMOS node. The RT-640 and RT-645 solutions provide all the necessary security and safety mechanisms, cryptographic accelerators, and embedded security software to allow any automotive SoC design to comply with the EVITA, SHE+, and AutoSAR security standards.
Taking the RT-640 as our example, it offers a full-featured embedded HSM design combining a secure 32-bit RISC-V CPU, dedicated secure memories, and local non-volatile memory with cryptographic hardware engines, such as a true random number generator (TRNG), a secure hash and HMAC engine, a symmetric cipher accelerator, a DPA-resistant asymmetric cipher accelerator, DPA-resistant key derivation, glitch detection, and a hardware firewall, all extended with ISO 26262 ASIL-B safety mechanisms in the hardware as well as in the software implementation.
Integrated in a customer’s SoC design, the RT-640 provides a full suite of security features to an automotive host SoC or processor, including secure boot, security runtime integrity, remote attestation, and broad cryptography acceleration. The RT-640 enhances SoC designs with secure root-of-trust capabilities, offering secure execution of sensitive application code for handling valuable secret assets.
As high-speed automotive Ethernet displaces legacy CAN and MOST networks, Media Access Control security (MACsec) provides the de facto means for securing the network connections between ECUs in automobiles. The MACsec protocol is defined by IEEE standard 802.1AE and is becoming a ubiquitous feature of Ethernet networks. Originally, MACsec secured the link between two physically connected devices, but in its current form it can secure data communications between two devices regardless of the number of intervening devices or networks.
Given the enormous economies of scale achieved by Ethernet connecting all things computing and networking, many industries are adopting Ethernet as a replacement for legacy communication protocols. Automotive applications require deterministic behavior of the Ethernet link, and this is implemented with Time-Sensitive Networking (TSN) standards: traffic shaping, priority queues, preemption, and time synchronization. Rambus offers the industry's leading portfolio of MACsec IP solutions, including MACsec solutions for automotive specifically tailored for protecting TSN traffic.
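The following added example, which is not from the original article or from Rambus, parses the IEEE 802.1AE SecTAG in captured Ethernet frames and labels traffic on an ECU link that is unprotected, integrity-only, or carries a stale packet number. The function names and sample frames are constructed for illustration, and the ICV is not verified because that requires the session key.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5  # IEEE 802.1AE: a SecTAG follows the MAC addresses
EAPOL_ETHERTYPE = 0x888E   # IEEE 802.1X key agreement, sent outside MACsec

def ethertype(frame):
    return struct.unpack_from("!H", frame, 12)[0] if len(frame) >= 14 else None

def parse_sectag(frame):
    """Return SecTAG fields of a MACsec frame, or None if there is no SecTAG."""
    if ethertype(frame) != MACSEC_ETHERTYPE:
        return None
    if len(frame) < 20 or (frame[14] & 0x20 and len(frame) < 28):
        raise ValueError("truncated SecTAG")
    tci_an, _short_len, pn = struct.unpack_from("!BBI", frame, 14)
    # SC bit (0x20) means an explicit 8-byte SCI; otherwise (assumption) use source MAC.
    sci = frame[20:28] if tci_an & 0x20 else frame[6:12]
    return {"an": tci_an & 0x03, "encrypted": bool(tci_an & 0x08), "pn": pn, "sci": sci}

def audit(frames, replay_window=0):
    """Label each frame: ok, integrity-only, replayed, cleartext, key-agreement."""
    next_pn, verdicts = {}, []
    for frame in frames:
        if ethertype(frame) == EAPOL_ETHERTYPE:
            verdicts.append("key-agreement")
            continue
        tag = parse_sectag(frame)
        if tag is None:
            verdicts.append("cleartext")
            continue
        chan = (tag["sci"], tag["an"])       # one PN counter per secure association
        expected = next_pn.get(chan, 1)
        if tag["pn"] < max(1, expected - replay_window):  # PN 0 is never valid
            verdicts.append("replayed")
            continue
        next_pn[chan] = max(expected, tag["pn"] + 1)
        verdicts.append("ok" if tag["encrypted"] else "integrity-only")
    return verdicts

# Constructed sample frames (locally administered MACs, zero-filled payloads).
def _frame(etype, payload):
    return bytes.fromhex("020000000002020000000001") + struct.pack("!H", etype) + payload
def _macsec(tci_an, pn):
    sectag = struct.pack("!BBI", tci_an, 0, pn) + bytes.fromhex("0200000000010001")
    return _frame(MACSEC_ETHERTYPE, sectag + bytes(64))  # 48 B data + 16 B ICV

SAMPLE = [_macsec(0x2C, 1), _macsec(0x2C, 2), _macsec(0x2C, 2),  # third repeats PN 2
          _macsec(0x20, 3),                   # E and C bits clear: integrity-only
          _frame(0x0800, bytes(46)),          # IPv4 EtherType, no SecTAG
          _frame(EAPOL_ETHERTYPE, bytes(4))]  # key-agreement frame
```

Calling `audit(SAMPLE)` labels the six constructed frames in order; a non-zero `replay_window` tolerates packet numbers that arrive slightly out of order.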
Hardware IP for Automotive Connectivity
Building on the enormous design and manufacturing base which made high-resolution, miniaturized digital cameras possible for mobile phones, the universe of MIPI® applications has expanded to the automotive world. Increasingly sophisticated ADAS-enabled cars are brimming with cameras, sensors and displays. Park assist, driver monitoring, blind spot detection, night vision, vehicle security systems and more employ types of automated vision systems. These increasingly use MIPI to enable a growing list of capabilities and functions. Cockpits and infotainment systems also feature a growing number of high-resolution displays, and these too use MIPI PHYs and controllers.
High-level ADAS systems use a fusion of sensors that span the EM spectrum to create a comprehensive 3D image of the dynamic environment around the vehicle. Data from lidar, radar and traditional global shutter cameras are combined to create and update the digital twin of the world the car traverses. All this converged sensor data takes tremendous bandwidth, and the MIPI Camera Serial Interface 2 (MIPI CSI-2®) v3.0 is increasingly the workhorse solution for transporting this deluge of data. The new CSI-2 v4.0 adds RAW24 and Always-On Sentinel Conduit (AOSC) capabilities enabling additional advantages to design architects.
When we think about our choice of connectivity in electronic systems, weight is not normally a first-order consideration, but it absolutely is when it comes to vehicles. A major networking hurdle introduced by the proliferation of sensors is the weight of cabling. In many vehicles, wiring is one of the top four heaviest subsystems. This issue is compounded as more cars go electric, adding in the weight of the battery. A Tesla® battery pack, for instance, weighs about 900 pounds, which nets out much heavier than an internal combustion engine and a full tank of gas.
What's more, it's often the electric vehicle makers that are leading the charge for autonomous driving. They need more sensors and better networking while simultaneously needing to reduce weight to compensate for the battery. The weight benefit of MIPI is that it can provide low-latency, high-bandwidth connections with fewer wires than legacy networking solutions. This enables the continued profusion of sensors for ADAS while keeping the weight of cabling low.
Rambus has been a provider of MIPI IP solutions since 2010 and offers 32- and 64-bit digital controllers for MIPI CSI-2 and MIPI DSI-2® applications. Partnering with top-tier MIPI C/D-PHY suppliers, such as Mixel and Samsung, Rambus solutions serve an increasing number of ADAS applications with leaders in the automotive market. Rambus supports customers with expert technical support, a full suite of customization and integration services, and an applicable safety manual, FMEDA and DFMEA.
MIPI IP cores, along with embedded HSMs and MACsec engines, represent a growing portfolio of silicon IP solutions Rambus offers for the automotive market. These hardware IP solutions deliver the performance and security which are key to enabling the software-defined vehicles of the future.
Explore Rambus IP here
- RT-640 Embedded Hardware Security Module (ASIL-B Certified)
- MACSec-IP-161 1G to 50G MACsec Engine with TSN Support
- MIPI CSI-2 Controller Core