ARM Processor With Independent Hardware Security Module Protects CAN Bus Networks From Cyber Threats
The STA1385 by STMicroelectronics is a fully automotive, power-efficient System-on-Chip (SoC), targeting cost-effective processing solutions for innovative telematics and connectivity applications, including cyber-security protection.
It features a powerful dual ARM Cortex-A7 processor, an embedded and independent Hardware Security Module (HSM), an isolated sub-system based on ARM Cortex-M3 for vehicle CAN interfaces, and a full set of standard connectivity interfaces, including a dual Gbit ETH AVB controller and FlexRay.
According to STMicroelectronics, the Telemaco3P telematics and connectivity processors (STA1385 and its variants) are the first automotive micro-processors to integrate an isolated Hardware Security Module (HSM), which acts like an independent security guard to watch data exchanges and encrypt and authenticate messages. The HSM checks the authenticity of received messages and any external devices that try to connect and protects against eavesdropping.
With this HSM on-chip, Telemaco3P devices are ahead of the general-purpose application processors typically found in current connected-car systems, which lack dedicated hardware-based security, said the company. ST's chips also come with a 105 °C maximum temperature rating for use in locations that can become extremely hot, such as on top of or directly beneath the roof in a smart antenna. The HSM also runs software-security algorithms, freeing the main high-performance CPU to host more applications.
Integrated CAN FD, Gigabit-Ethernet, and 100-Mbit/s Secure Digital I/O interfaces allow the Telemaco3P family to be used as communication gateways throughout the vehicle, for linking infotainment systems, or ECUs connected to the CAN network. This includes door controllers, engine or transmission management systems, or body electronics. The Telemaco3P features two CAN FD and one Classical CAN interface. Essential power-management circuitry is also integrated.
The STA1385 is designed to comply with the automotive functional-safety standard ISO 26262, up to safety integrity level B (ASIL-B), and to meet the AUTOSAR specification for protected communication across the CAN network. Telemaco3P devices can run POSIX-compliant operating systems (OS), giving users flexibility to choose their OS for a variety of intended use cases.
When the Controller Area Network (CAN) was designed, security was not a requirement. The primary usage of CAN was considered closed; possible intruders or attackers would simply not get physical or remote access to the network. However, today it is more and more common that devices connected to a CAN system also have connections to other networks, including the Internet.
Recent car hacks have shown that attackers may get access to CAN systems. Without strong security features, an attacker automatically gains full access to everything connected, allowing active control commands to be recorded and replayed. In this book we examine which options developers of CAN-based systems can realistically use to provide adequate security features.
What can we do - without using heavy-weight security features? What can we do - to detect possibly injected messages? What can we do - without any hardware change? What can we do - with minimal software change? The CANcrypt protocol and software is introduced as a scalable security solution for the Controller Area Network.