Our automobiles are increasingly reliant on software. The potential security attack surfaces multiply as the auto industry adds more software-defined functionality to our vehicles, and the prospect of fully autonomous cars is ever more likely. EE Times Europe spoke to Brian Carlson and Joppe Bos of NXP Semiconductors to understand the benefits of migrating to software-defined vehicle (SDV) architectures and the future security threats posed by quantum computing technologies.
 
Preparing for post-quantum cryptography
 
The commercial availability of quantum computers will disrupt today’s computing capabilities. Although quantum computers are likely to be used initially for scientific, medical and planetary research, the same capability poses a significant threat to the security algorithms in use today. Classical public key infrastructures and digital signatures rely on mathematical problems, such as integer factorization and the discrete logarithm, that are intractable for conventional computers. A sufficiently large quantum computer running Shor’s algorithm solves those problems efficiently, exposing computing systems and the data they protect to attack. Post-quantum cryptography (PQC) is the family of replacement algorithms designed to resist that capability.
 
Joppe Bos, senior principal cryptographer at NXP Semiconductors.
Estimates vary as to when quantum computers capable of breaking these algorithms will be accessible to adversaries, but most experts agree it will be by the end of this decade. Having been aware of this for some time, national security agencies and security industry organizations are well advanced in ratifying new PQC standards.
 
“Quantum computers are getting bigger and bigger, and they will have a massive impact on public key cryptography since key exchange algorithms and digital signatures are used everywhere,” said Joppe Bos, cryptographer and technical director at the Competence Center Crypto and Security in the CTO organization at NXP. “For software updates and secure boot, digital signatures are the key components of software authenticity. The timeline is often based around when a quantum computer may be available, but we and most of our customers are looking at the timelines set by standardization bodies and migration guidance documentation set by various government institutions. Depending on which guidance you read, migration roughly ends in 2030 or 2033.”
 
Brian Carlson, global marketing director for automotive processing at NXP, added an essential aspect of the timeline: “We’re already working with customers [for automotive systems] that will enter production in 2027 and 2028, so in reality, the deadline is only two years away. That is why this is really critical, since standards are due to be published in 2024, so by 2025, customers will already be working on planning decisions for vehicles due out in 2030. It comes a lot faster than you think, so that’s why this timeline is crucial.”
 
SDVs bring system consolidation benefits
 
Alongside electrification, developing SDVs is one of the hottest topics in the automotive industry. “We’ve been seeing manufacturers move to domain architectures, and many are now moving to zonal architectures,” Carlson said. “This is all about creating an SDV. The legacy approach to defining vehicle functionality through hardware ECUs is broken, hence the move to defining functionality through software. A new breed of processors allows the consolidation of many functions and will enable you to have more of a centralized supercomputer in the middle.”
 
Carlson gave EE Times Europe the example of sensors that today are hardwired to specific ECUs. “Now what is happening is you can leverage multiple sensors to create a whole new experience by fusion of the sensor data, creating synthetic sensors that can open up new opportunities and functionality. Data is the lifeblood of SDVs, especially with electrification. The first big wave is how we manage the EV battery, using machine-learning intelligence to improve the range of the vehicle. Also, the concept of Connected Vehicle 3.0 is about more than just sending raw data to the cloud. It’s about serving intelligence at the edge, where you have privacy and you can make real-time decisions.”
 
Centralizing vehicle functionality on a central computer makes functional consolidation far easier. Carlson gave the example of an OEM that recently consolidated 15 ECUs into one, reducing its overall ECU count by 33%. The approach also cuts cabling cost and weight.
 
“The OEM customer reduced the vehicle’s wiring to <1.5 km, which is pretty good,” Carlson said. “I’ve heard of numbers like 3 km used in some cars.”
 
Delivering robust and resilient security for SDVs
 
Bos told EE Times Europe that the central compute node of an SDV plays a key role in preserving security. “It’s not just about maintaining security within the vehicle but the data sent to the cloud. With post-quantum cryptography, it’s not just about the data in motion but also the stored data—data stored in the cloud today, for example, with PQC an adversary could decrypt in the future.”
 
For SDVs, Bos singled out two main use cases for PQC: secure boot and a secure software update mechanism. He described the latest devices in NXP’s S32G family of vehicle network processors, which support PQC integration.
 
“Unlike the classical RSA and ECC cryptographic public key and digital signature algorithms that use key sizes up to 512 bytes, the proposed Dilithium-3 PQC algorithm utilizes key lengths up to 3,293 bytes,” he said. “These significantly larger key sizes require more storage space, and the more complex algorithm requires more computation power, both features of the latest NXP S32G2 and S32G3 devices. The latest S32G3 processor has 30 processor cores within it, and it’s all about safety and secure networking, supporting interfaces in the vehicle to do real-time analysis.”
 
With the NXP S32G2 family (see Figure 2), the hardware secure element provides the storage required for the larger PQC keys. Bos described the secure boot process (Steps 1 through 7 in the figure) that authenticates the firmware and system images.
 
The PQC secure boot process of the NXP S32G2 (Source: NXP Semiconductors)
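As an added illustration, not NXP’s code and not the S32G2’s actual boot flow, the script below walks through the checks a PQC-aware boot ROM performs on a signed image: pin the embedded public key against a hash held by the root of trust, verify a signature over header and payload, then enforce anti-rollback. The S32G parts verify Dilithium-3 (ML-DSA) in hardware; this stand-in uses a Lamport one-time signature over SHA-256, which is itself quantum-resistant (its security rests on hash preimage resistance) and needs only the Python standard library. The image layout, magic value, field names and payload are constructed for the example.

```python
"""Added example: a toy PQC secure-boot verifier. Not NXP code; the S32G
verifies Dilithium-3 (ML-DSA) in hardware. A Lamport one-time signature over
SHA-256 stands in so the script needs only the standard library (it is itself
quantum-resistant: security rests on hash preimage resistance). The image
layout, magic value and payload below are constructed for this example."""
import hashlib
import hmac
import os
import struct

N = 32                          # SHA-256 digest length in bytes
BITS = 8 * N                    # one secret pair per digest bit
MAGIC = b"SDVB"                 # invented image magic
HDR = struct.Struct(">4sII")    # magic, image version, payload length
PK_LEN, SIG_LEN = 2 * BITS * N, BITS * N   # 16 KiB public key, 8 KiB signature


def sha(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def _bit(digest: bytes, i: int) -> int:
    return (digest[i >> 3] >> (7 - (i & 7))) & 1


def keygen(rng=os.urandom):
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = b"".join(sha(a) + sha(b) for a, b in sk)
    return sk, pk


def sign(sk, msg: bytes) -> bytes:
    """Reveal one secret per bit of SHA-256(msg). ONE-TIME: never reuse sk."""
    d = sha(msg)
    return b"".join(sk[i][_bit(d, i)] for i in range(BITS))


def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    """Each revealed secret must hash to the public-key entry its bit selects."""
    if len(pk) != PK_LEN or len(sig) != SIG_LEN:
        return False
    d = sha(msg)
    ok = True
    for i in range(BITS):
        j = 2 * i + _bit(d, i)
        ok &= hmac.compare_digest(sha(sig[i * N:(i + 1) * N]), pk[j * N:(j + 1) * N])
    return ok


def build_image(sk, pk: bytes, version: int, payload: bytes) -> bytes:
    """Signing side: header || public key || signature || payload.
    The signature covers header and payload so the version field is authenticated."""
    hdr = HDR.pack(MAGIC, version, len(payload))
    return hdr + pk + sign(sk, hdr + payload) + payload


def boot_verify(image: bytes, trusted_pk_hash: bytes, min_version: int):
    """Boot-ROM side. Only the 32-byte hash of the OEM public key needs immutable
    storage (OTP fuses or the secure element); the 16 KiB key ships in the image.
    Returns (True, payload) on success or (False, reason) on any failure."""
    hsz = HDR.size
    if len(image) < hsz + PK_LEN + SIG_LEN:
        return False, "truncated"
    magic, version, plen = HDR.unpack_from(image, 0)
    if magic != MAGIC:
        return False, "bad magic"
    pk = image[hsz:hsz + PK_LEN]
    sig = image[hsz + PK_LEN:hsz + PK_LEN + SIG_LEN]
    payload = image[hsz + PK_LEN + SIG_LEN:]
    if len(payload) != plen:
        return False, "length mismatch"
    if not hmac.compare_digest(sha(pk), trusted_pk_hash):   # 1. key pinned by root of trust
        return False, "untrusted public key"
    if not verify(pk, image[:hsz] + payload, sig):          # 2. authenticity and integrity
        return False, "bad signature"
    if version < min_version:                                # 3. anti-rollback, after auth
        return False, "rollback"
    return True, payload


def demo():
    """Constructed images: one genuine, one bit-flipped, one signed with a wrong key."""
    sk, pk = keygen()
    rot = sha(pk)                                  # value burned into OTP at manufacture
    fw = b"constructed firmware payload v2"
    good = build_image(sk, pk, 2, fw)
    tampered = bytearray(good)
    tampered[-1] ^= 0x01                           # flip one bit of the payload
    sk2, pk2 = keygen()
    foreign = build_image(sk2, pk2, 2, fw)         # valid signature, untrusted key
    return {
        "good": boot_verify(good, rot, min_version=1),
        "tampered": boot_verify(bytes(tampered), rot, 1),
        "foreign": boot_verify(foreign, rot, 1),
        "rollback": boot_verify(good, rot, min_version=3),
        "overhead": len(good) - len(fw) - HDR.size,   # key + signature bytes
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>9}: {result if name == 'overhead' else result[0]}")
```

Two points the toy makes concrete. First, the per-image overhead here is 16 KiB of public key plus 8 KiB of signature, well above the Dilithium-3 figures quoted above and far above RSA or ECC, which is why secure-element storage and verification throughput become sizing questions rather than afterthoughts. Second, a Lamport key may sign exactly one image; signing a second with the same key reveals enough secrets to forge. Stateful hash-based schemes such as LMS and XMSS (NIST SP 800-208) manage that state explicitly, and stateless lattice schemes such as Dilithium avoid the problem entirely, which is one reason they are attractive for firmware signing.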
Automotive OEMs taking responsibility for end-to-end security
 
EE Times Europe asked Carlson how the industry was adapting to embrace a more centralized approach to an SDV’s security. He said, “OEMs are really interested now when they’re making big platform decisions. It is no longer just doing a specification and passing it to a Tier 1 supplier to select an IC and provide a black box. The whole automotive ecosystem has fundamentally changed to where the OEM takes more responsibility for the platform’s overall end-to-end security. In the past, if you look at how vehicle security was treated, where there might have been 50 or 60 different processor types, each one had different weaknesses or potential issues. OEMs are now taking the platform decisions very seriously with a consistent approach that can scale into the future, and that can not only scale within their model year but scale to upgrade those vehicles over time, including upgrading security.”