With the development of the Internet of Vehicles, smart cars are constantly strengthening the interaction between vehicles and the internal and external environment, realizing all-round connections between vehicles and vehicles, vehicles and roads, vehicles and clouds, vehicles and people, etc., which also makes vehicle information and data security face new challenges - public data shows that as of the end of August 2023, there have been more than 3,700 security vulnerabilities in smart cars, involving more than 1,000 models, and the repetition rate of "popular" vulnerabilities in the industry has reached 70%.
In the face of emerging vehicle safety problems, more and more governments and industry organizations have clearly put forward that "the security of smart cars needs to be built on the basis of security chips", such as CC certification, GP SIP certification, EVITA, GSMA requirements for automotive security, SE (Secure Element) and HSM (Hardware Security Module) have become the security foundation of smart cars and become the default standard in the industry.
On June 27, 2024, Lan Ruifen, Product Manager of Automotive Security Chip of Unisplendour Tongxin Microelectronics Co., Ltd., was invited to attend the "2024 Third China Internet of Vehicles Security Conference" hosted by Gasgoo, and delivered a keynote speech on "Application of Trusted Architecture of Automotive Security Chips in Internet of Vehicles", comprehensively sharing the technical logic and practical cases of automotive security chip solutions, in order to reduce technical barriers and provide upstream and downstream partners with the correct use of security chips.
The status quo of the application of the trusted architecture of the security chip
In the context of software-defined vehicles, vehicle application scenarios are becoming more and more abundant. Security chips are playing a vital role in complex and diverse application scenarios, especially in in-vehicle and off-vehicle communication scenarios. The application of security chips involves various nodes of the vehicle, including OBD security, T-BOX security, in-vehicle gateway security, online upgrade FOTA security, V2X network security, car key security, IVI security, etc.
Source: Unisplendour Tongxin
According to Lan Ruifen, the main functions of the security chip cover root of trust key storage, communication security, sensitive data encryption and identity authentication. In recent years, security chips have been widely used in the field of Internet of Vehicles information security, but in the application process, there are also some cognitive misunderstandings:
Source: Unisplendour Tongxin
1. Users simply equate security with MCU in concept, ignoring many links to be considered in advance.
2. Users often only pay attention to security algorithms, physical protection, etc., and ignore the use of security systems.
At the same time, with the continuous application of security chips in the field of intelligent networked vehicles, the confusion of the industry is also emerging:
How to Achieve Unified Management in Multiple Scenarios?
Is it possible to use a single security chip to handle all scenarios of vehicle use?
To solve the above problems, it is first necessary to understand the "trusted architecture of security chips", and then based on the "trusted architecture", correctly use security chips to empower the safe development of smart cars.
What is the Secure Chip Trusted Architecture?
As early as 2010, the trusted architecture of security chips began to be applied to the financial field, and then expanded to a wider range of security applications. The security chip trusted architecture is the Java Card+GP environment, which is mainly composed of the security chip firmware.
The working principle is as follows: define an SD (Security Domain) in the GP architecture, which can be understood as a "turf". Car companies can put keys, applications, etc. in their own "turf", and all information security permissions are fully managed by car companies. At the same time, different application scenarios such as gas stations and ordering software can also be placed in this chip. In short, in the automotive world, different entities can either integrate in the same chip or manage their own applications independently, and such an environment is the Global Platform, i.e., the trusted architecture.
From a functional point of view, based on the trusted architecture, unified management for multiple scenarios can be realized, and a security chip can be used to achieve cooperation between multiple entities.
"Prescribe the right medicine" and apply the trusted architecture to automotive security chips
Why is trusted architecture a solution to the confusion of automotive security chips? Lan Ruifen proposed that we can return to the composition of the security chip, specifically:
Security Chip System | Source: Unisplendour Tongxin
The first layer is the hardware of the security chip, which acts as specialized firmware to protect against physical attacks.
The second layer is Java and virtual machines.
The third layer is the trusted architecture, that is, the scenario where multiple applications and entities are used together. At present, GP has developed to stage 2.3, and has gradually evolved and penetrated into the field of Internet of Vehicles with the development of applications.
The fourth layer is the interaction between the security parties. Security inevitably involves the encrypter and the decryptor, and the decryptor usually has several carriers, such as the server TSM (which will carry the applet and manage the data); The security chip at the peer end realizes "one core and one password" and then puts it into the corresponding applet to ensure data security.
It is also worth mentioning that there is also a "safe channel" concept in the system that has not been involved in the field of Internet of Vehicles before. The so-called secure channel means that two entities disperse the phased key through random numbers in a known fixed key state, and then carry out two-way authentication and confirmation process key, and then use the key to protect, integrity verification or key encryption in the subsequent instruction interaction process.
Therefore, the trusted architecture of the security chip can ensure security from the underlying environment of the ecological chain, and its value is manifested in four aspects:
First, ensure the safety of the process. No matter what software is carried on the upper layer, the key of the underlying chip will not be leaked.
Second, it can support multi-application interoperability. On this platform, multiple entities can work together, from car companies to a variety of applications to be added in the future, including WPC certification, in-vehicle anti-counterfeiting, in-vehicle payment, etc. When an application is not needed, it can also be easily offloaded and decoupled, so that multiple applications can coexist with each other.
Third, the system has been verified by international security agencies and is a system that users can trust.
Fourth, it is easy to scale. At present, the application scenarios of smart cars are becoming more and more complex, and there are many application requirements, and the system can facilitate the integration and use of applications, so as to "take and use, and go when you don't use it".
As a leading security chip design company in the industry, Unisplendour has integrated its rich practical experience accumulated in the trusted architecture of security chips into the field of intelligent networked vehicles and launched a series of automotive security core solutions.
Unisplendour Tongxin automotive security chip product matrix
The application practice of automotive security chips of Unisplendour Tongxin
Among them, the digital key solution is a typical application case of the Unisplendour Tongxin series of automotive security core solutions.
At present, domestic digital key standards include multiple protocols such as CCC, ICCE and ICCOA, plus international digital key standards, each of which needs to be installed in the vehicle. Lan Ruifen said that with the blessing of the trusted architecture of the security chip, users can make each standard into a separate applet, which is more convenient to operate and more comprehensive in security.
Relying on 23 years of experience in the field of security chips and NFC for NFC, Unisplendour has developed a series of products including SE T97-315E, KeyFob SE T95-141A, NFC key card T92-116F and NFC Reader THN31A, providing an overall solution for digital keys, which can ensure the security of digital keys from the car to the cloud and from the cloud to the end.
Automotive Security Chips | Source: Unisplendour Tongxin
In addition to digital key car machine, car cloud authentication and other scenarios, it is also widely used in China VI T-BOX data encryption, passenger car T-BOX, OBD identity authentication and other fields, its product performance is excellent, showing four major advantages:
1. High security: It has passed the international CC EAL6+, national secret level 2 and other security certifications, and supports international, national secret algorithms and international and domestic relevant specifications, true random number generators, and vehicle-machine interconnection GP standard communication security.
2. High reliability: passed AEC-Q100 certification, full-process closed-loop vehicle regulation control, and low PPM quality management.
3. Low power consumption: Adopt efficient and streamlined self-developed operating system, 1.8V-5V wide working voltage range, enter low-power mode when there is no communication, and meet the low-power requirements of Internet of Vehicles and Internet of Things.
4. One-stop solution: with a full set of solutions of chip + firmware + SDK, it can provide flexible and customized security services.
At the same time, compared with the process of ending the production of traditional ICs, the deployment solution of Unisplendour Tongxin automotive security chips involves more links - relevant components will be attached when the IC leaves the factory, providing safe and credible personalized filling services, and building a trusted environment for users to safely store keys or authenticate chips, and the entire deployment process covers all aspects from the factory to the cloud to filling, and will consider the overall situation one step ahead of customers.
SE Deployment Scheme | Source: Unisplendour Tongxin
In short, the trusted architecture of the security chip built by Unisplendour can provide end-to-end full-path security support for digital keys, ensure the integrity and effectiveness of data transmission, and greatly shorten the adaptive development cycle of automobile manufacturers. It supports a variety of digital key forms, can meet different usage scenarios and consumer groups, and has been introduced into a number of leading Tier1 and most domestic OEMs to achieve large-scale and stable shipments.
Adhering to the corporate vision of "illuminating a happy life with the light of science and technology", Tsinghua Unigroup has always been committed to working with partners to create high-security and high-reliability automotive security chip solutions, and continuously improve the product matrix of automotive control chips, power devices, power management chips, driver chips, intelligent sensors and other products, forming a business layout based on information security and functional safety, gradually covering peripheral supporting products, and comprehensively helping the safe implementation of smart car scenarios.
At the "2024 3rd China Internet of Vehicles Security Conference", all the innovative achievements of Unisplendour Tongxin automotive security chips were unveiled, attracting many professionals to visit and exchange.