Automotive Trends - Security - TNTDPCtntdpc.com/automotiveelectronics/speak/Speakers...
Transcript of Automotive Trends - Security - TNTDPCtntdpc.com/automotiveelectronics/speak/Speakers...
Automotive Trends -SecurityArun Bhat09.12.2016
2nd EditionConference on Automotive Electronics
Table of contents
Automotive Trends
Deep-Dive into the future connected car
1
2
22016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Table of contents
Automotive Trends
Deep-Dive into the future connected car
1
2
32016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
The outlook for the global semiconductor market is cautious
Source: WSTS for historical data. Forecast: of WSTS, IHS Markit, Gartner, IC Insights; last update 25 July 2016
Global semiconductor marketin billion $
Forecast revenue rangeMarket size (revenue)
42016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon benefits from industrial, auto and security, the by far fastest growing segments
-0.2%
1.1%
0.7%
1.9%
4.8%
5.7%
7.8%
Communications
Consumer
Data Processing
Total Semi Market
Chip Card ICs**
Automotive
Industrial
Source: IHS Markit, Worldwide Semiconductor Shipment Forecast, June 2016* In calendar year 2015** source: ABI Research, “Secure Smart Card & Embedded Security IC Technologies”, January 2016; microcontroller ICs
CAGR 2015 – 2020 by Semiconductor Industry Segment
$347bn*
$108bn*
$42bn*
$29bn*
$45bn*
$123bn*
$3.7bn*
52016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
› Increased connectivity and software content increase risk exposure to hackers
› Internal/external connectivity must be secured
Four megatrends are shaping the automotive market, significantly increasing the semi content per vehicle
› Advanced connectivity isdriven by making the carpart of the Internet
› The car will be fully connected (V2I, V2V, in-vehicle)
Connectivity Advanced security
ADAS/Autonomous driving
› From ADAS to semi-automated and finally autonomous driving
› Every world region is striving for “0-accident”
› Mandated CO2 reductions make electrification of powertrain inevitable
xEV/eMobility
62016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Level 2 Level 3 Level 4
Lid
ar
5%
Radar
30%
Cam
era
35%
$550
Actu
ato
rs
To
tal
BoM
20%
Sensor
Fusio
n
10%
ADAS semi growth driven by radar and camera sensor modules
Average ADAS semiconductor content per level of automation
40%
To
tal
BoM
0%
Lid
ar
Sensor
Fusio
n
Cam
era
$100
Radar
60%
Radar
Cam
era
45%
$400
12%
To
tal
BoM
Actu
ato
rs
Sensor
Fusio
n
Lid
ar
8%
› Market take-off:2015-2020(up to 30m vehicles p.a.)
› Key market driver:NCAP, Automatic EmergencyBrake, Blindspot Detection
› Market take-off:2020-2025(up to 10m vehicles p.a.)
› Key market driver:Automated Driving in specificsituations (e.g. parking, highway)
› Market take-off:2025-2030(up to 5m vehicles p.a.)
› Key market driver:Autonomous Driving
0%
0%35%
72016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
xEV growth driven by power semis
Average xEV semiconductor content by degree of electrification
$47
$29
$338
ICE
$414
total
$76
$15 $60
$282
$338
$15
$709
ICE total
$372Power
Power
Others
OthersSensors
µC
$77
$49
$387
$704$190
Power
Others
Sensors
µC
Adder for DC-DC and starter/generator Adder for DC-DC, inverter, onboardcharger
› high growth for 48 V (not even including 48 V auxiliaries nor mild hybrid)
› PHEV to overtake HEV after 2020, especially in Europe
› strong growth driven by Chinese OEMs and Tesla
48 V HEV / PHEV EV
total
2020: 1.6m* 2020: 3.5m HEVs*
1.9m PEHs*
2020: 1.4m EVs*
*Source: IHS Markit, “Alternative Propulsion Forecast”, January 2016, expected number of vehicles
82016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon is ideally positioned to benefit most from megatrends ADAS, xEV, and security
Addressed by Infineon Not addressed by Infineon
ADAS/autonomousdriving semi market
xEV/e-mobilitysemi market
High market coverage already in 2015 will be kept with ramp-up
of new power products
[$m] [$m]
Source: IHS Markit, Strategy Analytics, Infineon estimations
2020
3,827
~40%
2015
1,801
~30%
6,700
~45%
2025 2025
4,740
~80%
2020
3,050
~80%
2015
1,380
~80%
Higher market coverage driven by radar penetration, AURIX™
penetration and actuators
Security semi market
Key enabler for secure connectivity
[$m]
15 100%
2020
700
200
20252015
92016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Table of contents
Automotive Trends
Deep-Dive into the future connected car
1
2
102016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Immobilizer, AlarmDoor lock
Engine tuning protectionComponent protection…
Secure onboardcommunication, eCall,V2V,ADAS…
Concierge serviceRemote diagnosisRemote SW updateCar sharing…
Four main security concerns eventually affecting all cars on the road
Basic TheftAdvanced Fraud
& TheftAdvanced Safety Car Services
Insurance priceWarranty costsLoss of revenue
Cyber terrorismLoss of reputation
Breach of privacyLoss of revenue
112016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Domain
Subdomains
Systems
Possible Attack Scenarios
Components Sensor,
Microcontroller, Actuator Body
Infotainment
Safety
Power train
BrakePassive Safety
zFAS
Active Safety
SystemComponentsCamera, Frontend, Sensor, Processor, Microcontroller,
WiFi, …
V2V
EPS
Cam / Radar
Subdomains
SystemsComponents Modem
GSMRadio
Internet
PhoneSystemComponentsModem
Wifi
Bluetooth
Apps
Input
Output
Input
Output
Input
Output
Input
Output
Proven and / or used Attacks
Possible Attacks
Open and Start Car
NAV
Bus Spoofing for
Theft, Fraud,
Extorsion …
Reporgramand Hack
Systems to cause harm
Implement Counterfeit Component
s
Sent Car wrong way
Espionage
Cause Traffic Collapse
Deploy Airbags
(unlikely)
Force actuators to make wrong
descions
Tuning
FallsifySensor Data
122016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
The growing symbiosis between vehicle and environment offers plenty of opportunities
HACKER ATTACK
Unwanted access must be denied
Infotainment
Steering
AirbagBrake
Engine Management
Traffic Jam DetectionAccident Avoidance
Prioritization ofEmergency Services
Toll Control
Tablet &Smartphone
TrafficInformation
InfotainmentApps
RemoteDiagnostics
SoftwareUpdate
Car RepairShop
eCall InternetServices
PaymentSystems
132016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Evolution of the board net architecture
› Considerable computing performance increase
› Integration of consumer devices
› External connectivity
› In-field upgradeability
Transmission
Battery Management
Engine Control
…
ABS/ESP
ACC
Car2Car Com
…
Door Module
Air Condition
Seat control
Immobilizer
E-Call/cell wireless
Connectivity ECU
Head Unit
…
Gateway
Today
Distributed ControlAlmost one ECU per mechanical function –connected by multiple interfaces
Dynamics Control
Energy Management
Torque Control
…
DrivingDomain
Lid
ar
Cam
era
Rad
ar
…
ADASDomain
Lighting
Theft Protection
HVAC
…
Body & ComfortDomain
HMI
Entertainment
Navigation
…
InfotainmentDomain
Connectivity Gateway/Data Fusion
2020+
Distributed ComputingFunctions clustered in domains –connected by high-performance networks
Dependability(new term set by the industry)
142016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Security
Dependability (as defined by IFIP WG 10.4)
Dependability
Safety
Availability
Reliability
IFIP: International Federationfor Information Processinghttp://www.ifip.org/
152016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Basic security approaches discussed
Dynamics Control
Energy Management
Torque Control
…
DrivingDomain
Lid
ar
Cam
era
Radar
…
ADASDomain
Lighting
Theft Protection
HVAC
…
Body & ComfortDomain
HMI
Entertainment
Navigation
…
InfotainmentDomain
Connectivity Gateway/Data Fusion
Basic Protection of single ECUs(Immobilizer & Access)
Firewall & Gateway
Sandboxing
Secure On-boardCommunication
Telematics Control Unit
OBD
162016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Enabling the root of trust for internal and external communication
Trust anchors
Automotive security ArchitectureTrust anchors with different security levels
Protected Execution Environments hosting
Key storage and related cryptographic operation
Security Applications
Transmission
Battery Management
Engine Control
…
Powertrain Domain Controller
ABS/ESP
ACC
Car2Car Com
…
Chassis DomainController
Door Module
Air Condition
Seat control
Immobilizer
Body DomainController
E-Call/cell wireless
Connectivity ECU
Head Unit
…
Infotainment DomainController
Gateway / Firewall
Integrated on MCU
High speed
Secure Onboard Communication
Logical security
2
1
Discrete Security Controller
External communication
Protecting high value
By certified hardware security
172016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon’s Product Portfolio for aSecurity Architecture 2018++
Battery Management
Inverter
Engine Control
…
Powertrain Domain Controller
ABS/ESP
ACC
Car2Car Com
…
Chassis DomainController
Door Module
Air Condition
Seat control
Immobilizer
Body DomainController
E-Call/cell wireless
Connectivity ECU
Head Unit
…
Infotainment DomainController
Gateway / Firewall
Discrete Hardware Security
AURIX™AUDO MAX
Application:
Powertrain/Safety
Driver:
On Board Security
Application:
Car Services
Driver:
Standards reuse
TPM
Application:
Car2Car Communication
Driver:
Network integrity,Privacy
SLI 97 V2V
Application:
Cellular Com
Driver:
Network auth.
SLI 76 SLI 97
Integrated1 2182016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Automotive Security – use case
SHAL
TLS SHEIntrusion
ManagementSecVLAN
GSM
WiMAX
LTE
UMTS
DVB-T
CALM-M5
DSRC
WLANp
Hardware
Safety & Security
Security
Hardware Abstraction Lib
Security
Standard
&
Protocols
Com
Stack
App
Safety
&
Security
Ladder
192016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Historic and future Market Development: Telematics starting to ramp significantly
0
10
20
30
40
50
60
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
Millio
n u
nit
s
TOTAL Telematics ECU
Telematics ECU:
• CAGR15-20: 17%
• CAGR15-22: 14%
Telematics ECU show promising growth ratesTelematics is offering an interesting upside potential
Source: SA_Automotive_Infotainment_and_Telematics_Q4_2015_Database.xls
202016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
› fewer trips to the garage
› engagement from new features launches
Software Over The AirMotivation
Extract value New Revenue streams *
Cost reductionFewer Recalls
› 60-70% of recalls are due to SW glitches**
› improved vehicle performance
› new features over lifetime
Customer satisfactionBetter & faster
* Morgan Stanley
** Frost & Sullivan
212016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
SOTA is desired by OEMs for embedded ECUsSafe and Secure - At all times
Secure update: Unwanted access must be denied
› Protection of service pack and vehicle update
› IP Protection
› Tuning and Malware Protection
› Customer Acceptance & Confidence
Safe update & driver acceptanceLegal requirement before update can commence
› Safety in compliance with legal release process
› Extended downtime
› Could lead to battery issues at remote location
› Could lead to customer dissatisfaction
222016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Secure OTA ArchitectureA brief explanation
Security Updates
Auto Apps
Software Update
Performance Upgrade
Safety and security must be ensured throughout the process
Step 1: Download while driving
Software download to central storage Unnoticed by the customer Vehicle shall be at any time safe and
operational
Step 2: Update from central storage
After customer approval
In the background or at key-off
Permissible update time
(100s to 15min)
Confirmation to Backend
232016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Secure SOTA architecture Security partitioning
› Mutual authentication between car and OEM update server
› Encrypted transport channel
› Cellular Network access
Service Authentication
Verification and central Storage
› Service Pack reception
› 1st verification
› Storage in car central memory
Update of Target ECU
› Service Pack reception
› 2nd verification
› Flashing of code memory
TelematicsUnit
Central Storage
Central Gateway
OPTIGA™ TPM
Application Processor & Modem
SLI 76/ SLI 97
AURIXTM
HSM
AURIXTM
HSM OBD
Domain A
Target ECU
Domain B
Target ECU
…
UpdateServer
OPTIGA™ TPM
AURIXTM
HSM
AURIXTM
HSM
AURIXTM
HSM
SLI 76/ SLI 97
** depending of customer architecture part of gateway, telematics etc.
* depending of customer architecture part attached to application processor or AURIXTM
242016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
SOTA requirements for existing ECUsSecure update requires two essential building blocks
› Secure Boot
› Authentication
› Encryption / Decryption
› Key Management
› Integrity Check
HSM* Module:Security module functions
Secure Flash Bootloader:SOTA prerequisite
› Initiate update process
› Erase old SW version
› Load single SW blocks
› Decrypt & check integrity
› Unzip & perform signature check
› Rewrite
› Verify completeness of service pack
› Confirm execution to backend
AURIX™ HSM offers the strong isolation and crypto agility required for SOTA
*) Hardware Security Module
252016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
SW update from central storage Topology 1
ECU
32-bit Lockstep
Core
AURIXTM
PFlash
COM
› Data download & reprogramming from central storage at key off
DOWNTIME:
› Depends on network architecture
› minutes (CAN)
› seconds (Ethernet)
Central Storage
Downtime(parking situation)
Cost Impact
Impact on Power Consumption
Impact on ECU Performance
AURIX
Update from Central Storage
~16–290s (4MB)
minor none none Available Today
AURIXTM can support SOTA today with minimal cost and effort
262016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
SW update from local ECU storage Topology 2
ECU
Central Storage
› Data download from central to local storage while driving
› Reprogramming from local storage at key off
DOWNTIME:
› Reduced to seconds, regardless of the network architecture
Local Storage
SPI(20Mbit)
32-bit Lockstep
Core
AURIXTM
PLASH
COM
Downtime(parking situation)
Cost Impact
Impact on Power Consumption
Impact on ECU Performance
AURIX and external serial Flash
Update from Local Storage
~15s(4MB)
medium none none Available Today
SPI
AURIXTM can support a whole system update in seconds
Automotive grade serial Flash widely available today
272016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
SW update by doubling program FlashTopology 3 - A/B SWAP
ECU
Central Storage
32-bit Lockstep
Core
PLASHA
COM
Downtime(parking situation)
Cost Impact
Impact on Power Consumption
Impact on ECU Performance
MCU withDouble PFlash
Double Program Flash
~ 10ms(SW reboot)
significant + ca. 5% ~0-15% Future Consideration?
› Data download from central storage to unused Flash partition while driving
› A/B SWAP at key on
DOWNTIME:
› Instantaneous system update
Download is instantaneous, but higher cost,
implementation effort and unclear impact on functional safety
PLASHB
SWAP
282016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Summary Software Over The Air
Security is essential; on product and process level- Certified products such as TPM are best practice for securing critical
external interfaces
HSM is mandatory for Secure Flash Bootloader implementation
Revolution of network topology is unlikely- Smooth SOTA migration path required- Key will be the customer acceptance of potential downtime- Solutions are available today without significant cost impact
Infineon can support SOTA with AURIXTM and OPTIGATM TPM
Software Over The Air impacts the overall
car architecture
292016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon’s Product Portfolio for aSecurity Architecture 2018++
Battery Management
Inverter
Engine Control
…
Powertrain Domain Controller
ABS/ESP
ACC
Car2Car Com
…
Chassis DomainController
Door Module
Air Condition
Seat control
Immobilizer
Body DomainController
E-Call/cell wireless
Connectivity ECU
Head Unit
…
Infotainment DomainController
Gateway / Firewall
Discrete Hardware Security
AURIX™AUDO MAX
Application:
Powertrain/Safety
Driver:
On Board Security
Application:
Car Services
Driver:
Standards reuse
TPM
Application:
Car2Car Communication
Driver:
Network integrity,Privacy
SLI 97 V2V
Application:
Cellular Com
Driver:
Network auth.
SLI 76 SLI 97
Integrated1 2302016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Better safety by Vehicle to Vehicle Communication
› Increase situational awareness by communication between cars and roadside
› Derive driver warnings and (later) autonomous vehiclereactions.
› Control behavior of traffic lights
› Support of prioritization of ambulance and police vehicles
Source: CAR 2 CAR Communication Konsortium
Vehicle to Vehicle Communication
Vehicle to Roadside Communication
312016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Vehicle to Vehicle CommunicationSecurity Partitioning
Security Drivers
1. Network Integrity
2. Privacy
Security Engine
Verification SigningCertificate Updates
Incoming Messages Outgoing
Messages
Pseudonymous Certificates
322016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon’s Product Portfolio for aSecurity Architecture 2018++
Battery Management
Inverter
Engine Control
…
Powertrain Domain Controller
ABS/ESP
ACC
Car2Car Com
…
Chassis DomainController
Door Module
Air Condition
Seat control
Immobilizer
Body DomainController
E-Call/cell wireless
Connectivity ECU
Head Unit
…
Infotainment DomainController
Gateway / Firewall
Discrete Hardware Security
AURIX™AUDO MAX
Application:
Powertrain/Safety
Driver:
On Board Security
Application:
Car Services
Driver:
Standards reuse
TPM
Application:
Car2Car Communication
Driver:
Network integrity,Privacy
SLI 97 V2V
Application:
Cellular Com
Driver:
Network auth.
SLI 76 SLI 97
Integrated1 2332016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Infineon at a glance
Financials Market Position*
Business Segments Employees
527 377 620 897
FY 12 FY 13 FY 14 FY 15
[EUR m]
Europe
14,533 employees
About 35,400 employees worldwide(as of Sep. 2015)
Americas
3,682 employees
Asia/Pacific
17,209 employees
34 R&D locations19 manufacturing locations
Revenue Segment Result Margin
15.5%14.4%9.8%
13.5%
3904 38434320
5795
41%
11%
17%
31%
Automotive
(ATV)
Industrial Power
Control (IPC)
Chip Card &
Security (CCS)
Power Management & Multimarket (PMM)
Revenue FY 2015
# 2 # 1
Automotive Power Smart card ICs
# 2
Strategy Analytics,April 2016
IHS Markit,July 2016
IHS Markit,July 2016
342016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.
Summary
Source: Rinspeed
Semiconductors are KEY to enable Self Driving Cars
Cooperation of Semiconductor &
Tier1’s, OEMsare a MUST to
develop reliable cars
352016-11-10 Copyright © Infineon Technologies AG 2016. All rights reserved.