Hardware Security Peripheral in Microcontroller for cryptography Technology

What is a Hardware Security Module?

An HSM (Hardware Security Module) is a dedicated hardware subsystem (basically a CPU) that performs all cryptographic services and operations, such as:

  1. Processing of crypto algorithms,
  2. Key management, storage and derivation,
  3. Use of keys and crypto algorithms for data authentication,
  4. Verification and generation of digital signatures,
  5. And other crypto functions that protect embedded devices (smart payment cards, bank ATM cards, automotive ECUs, etc.) from malicious attacks.

HSMs are used in microcontrollers/SoCs for industries such as electronic card payments (credit/debit cards), IoT chipsets and autonomous automotive applications.

An HSM is a dedicated CPU integrated within a larger IC. That is, the HSM acts like a co-processor that works alongside the main CPU to provide all cryptographic needs, operations and functions.

HSMs have dedicated standards and architectures for the industry they are used in. The cryptography is the same in all of them, but its implementation and use cases vary from industry to industry. In the automotive case, there is a governing body, EVITA, which sets the architecture and standards for HSMs in the automotive industry.

(EVITA is an automotive cybersecurity project started by the European Union.)

The architecture stated by EVITA for performing cryptography in automotive chips has two domains: a dedicated application subsystem and a security subsystem domain (the HSM).

  • The application domain has one or more CPUs doing all the application-oriented work; it contains all the peripherals through which sensors and modules are connected and interact with the outside world.
  • The security subsystem has a single CPU with cryptography accelerators, dedicated memory for key storage, and the resources needed to perform all crypto services and operations. This CPU is solely responsible for the computations of the crypto algorithms.

The security subsystem CPU provides crypto services to the application CPU through service requests. For this there is a dedicated hardware interface (called the message unit) that lets the application CPU and the security subsystem CPU talk to each other.

Now, if we look inside the HSMs used in automotive, there would be:

  1. Dedicated cryptography accelerators,
  2. Memory regions for key storage and management,
  3. Random number generators for key generation,
  4. Monotonic counters for maintaining a trusted time state, and system resources such as DMA (Direct Memory Access) and interrupts,
  5. Dedicated firmware for the HSM, which has to be programmed into the security subsystem CPU (dedicated only to the HSM) in order to use and configure the crypto services. Thus we need to write code for the security features and services that our application CPU needs.

Use case of HSM

The flow works like this. Say there is an automotive IC with an application domain and an HSM, and a sensor is connected to the application domain, for example a pressure sensor connected via the I2C protocol. The pressure sensor reading has to be encrypted, say with the AES algorithm. This encryption is a cryptographic service, so it is performed in the HSM.

Thus, the application domain sends a request to the HSM via crypto APIs to encrypt the pressure sensor data. The request is sent as a service request through the dedicated EVITA hardware interface, which instructs the HSM to perform the corresponding crypto service on the data supplied by the application domain. The HSM then returns the response of the service with the encrypted data.

The Crypto RTD (Real Time Drivers) are the API through which the application domain sends requests to the HSM. The HSM has dedicated firmware, called the security firmware, which takes up these requests and performs the cryptographic operations.

That is how cryptographic operations are performed in automotive. With a dedicated HSM, the application CPU's power and time can be used for other operations.
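
The service-request flow described in this section, sketched as an added C example (not code from the original article or from any vendor's firmware). The descriptor layout, function names, status codes and key bytes are assumptions, and the AES accelerator is replaced by a labelled XOR stand-in so the block compiles on a host. What it shows is that the application passes a key slot number, never key material, and that the HSM firmware validates every field of a request coming from the application domain before it touches a key.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* All names are hypothetical; real HSM firmware defines its own descriptor layout. */
enum { SVC_ENCRYPT = 1 };
enum { RSP_OK, RSP_BAD_SERVICE, RSP_BAD_SLOT, RSP_NOT_PERMITTED, RSP_BAD_LENGTH };
enum { KEY_USE_ENCRYPT = 1, KEY_USE_SIGN = 2 };
#define KEY_SLOTS 2
#define MAX_DATA  32

/* Service request descriptor the application core places in the message unit. */
typedef struct {
    uint8_t service, key_slot, len, status;
    uint8_t in[MAX_DATA], out[MAX_DATA];
} svc_request_t;

/* HSM-private key store (constructed sample key): never copied into a request. */
typedef struct { uint8_t key[16]; uint8_t usage; } key_slot_t;
static const key_slot_t hsm_keys[KEY_SLOTS] = {
    { {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,
       0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x01}, KEY_USE_ENCRYPT },
    { {0}, KEY_USE_SIGN },   /* slot 1 may sign but not encrypt */
};

/* Stand-in for the AES accelerator: repeating-key XOR, NOT a real cipher. */
static void accel_stub(const uint8_t *key, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i % 16];
}

/* HSM firmware side: treat the descriptor as untrusted input. */
void hsm_handle_request(svc_request_t *r) {
    if (r->service != SVC_ENCRYPT)        { r->status = RSP_BAD_SERVICE;   return; }
    if (r->key_slot >= KEY_SLOTS)         { r->status = RSP_BAD_SLOT;      return; }
    if (!(hsm_keys[r->key_slot].usage & KEY_USE_ENCRYPT))
                                          { r->status = RSP_NOT_PERMITTED; return; }
    if (r->len == 0 || r->len > MAX_DATA) { r->status = RSP_BAD_LENGTH;    return; }
    accel_stub(hsm_keys[r->key_slot].key, r->in, r->out, r->len);
    r->status = RSP_OK;
}

/* Application side: build the request for a sensor reading and hand it over. */
int app_encrypt_reading(uint8_t slot, const uint8_t *data, uint8_t len, uint8_t *out) {
    svc_request_t req = { .service = SVC_ENCRYPT, .key_slot = slot, .len = len };
    if (len <= MAX_DATA) memcpy(req.in, data, len);
    hsm_handle_request(&req);  /* on hardware: write descriptor, wait for the response */
    if (req.status == RSP_OK) memcpy(out, req.out, len);
    return req.status;
}
```

On real silicon the two functions run on different cores and the descriptor travels through the message unit; here the direct call stands in for that hand-off.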

Examples of HSM

Many silicon vendors offer automotive controllers and chips with dedicated Hardware Security Modules built to the EVITA standard.

  1. NXP Semiconductors has its S32 family of MCUs/MPUs for automotive, which have a dedicated HSM based on ARM Cortex M0, by the name of CSEs and HSE (Hardware Security Engine).
  2. Infineon's AURIX family of MCUs, with a dedicated ARM Cortex M based HSM.
  3. STMicroelectronics' Telemaco3P family of automotive MCUs, with a dedicated ARM Cortex M3 based HSM.

So, to conclude, to understand cryptography in automotive we need to have an idea about the following things:

  1. What cryptography is in general: cryptographic algorithms, cryptographic keys, and cryptographic services and features for data protection; and how the safety and security, authentication, confidentiality and integrity of data are achieved with cryptography.
  2. How cryptography is implemented in the industry and at the microcontroller level, since in the end everything is controlled by microcontrollers or microprocessors. For that, one needs to know a bit about MCUs and their architecture, about HSMs, how to program and debug an MCU, and ARM Cortex processors.
Author: Kunal Gupta
