Automotive Cybersecurity »A Race Without a Finish Line«

Infineon und Xain wollen gemeinsam die Blockchain-Technologie ins Auto bringen. Ein erster gemeinsamer Demonstrator zeigt, wie Zugangsrechte dezentral per Smartphone vergeben werden können, beispielsweise für Car Sharing.
Blockchain technology for better protection against hackers: This allows access rights to be assigned decentrally via smartphone, for example for car sharing.

Hackers have an extensive arsenal of technical aids at their disposal - some even use the consequences of a nuclear weapons test in 1945 for their own purposes. The automotive industry is countering this with special hardware and blockchain technology.

With two figures, Peter Schiefer, President of Infineon's Automotive Division, explains why data security is playing an increasingly important role in vehicles: "We expect around eight million electric cars in 2025 and around three million vehicles that can be highly automated to Level 3," said Schiefer at the opening of Infineon's first Automotive Cybersecurity Forum on October 25, 2018 in Munich. Both vehicle categories are characterized by a particularly high degree of networking. Their attack surface for hacker attacks is correspondingly large.

Common attack methods include increasing the range of keyless access systems, side channel attacks, power consumption analyses, or error injections to provoke false reactions of semiconductor components. Even radioactive alpha radiation is used for this purpose, as the two security experts Markus Janke and Peter Laackmann from Infineon report in an exciting lecture. However, such radiation sources are expensive and difficult to obtain. But especially resourceful hackers have also found a solution to this problem: They use so-called "Trinites". These are weakly radioactive rocks that were formed from molten sand during an atomic bomb test on the Trinity test site in New Mexico in 1945 and are sold to mineral collectors. Placed directly on an unprotected building block, the Trinite's radiation is sufficient to induce errors.

In addition to the various threat scenarios, the Automotive Cybersecurity Forum was primarily concerned with specific protective measures. Christoph Kaus from the Fraunhofer Institute, for example, presented possible applications of a Trusted Platform Module (TPM). A corresponding module specifically for automotive use has recently become available from Infineon. In addition, the Munich-based semiconductor group will work together with the Berlin start-up Xain on the use of blockchain technology in automobiles. Together they want to test different application possibilities and bring them to market maturity. A first demonstrator shows the decentralized allocation of access rights via smartphone, for example for car sharing applications. Other possible applications for blockchain technology include automated payment processes, on-demand services, tuning protection, and automated driving functions.

All second generation Aurix microcontrollers from Infineon can already support blockchain functions in automobiles. The basis is an integrated Hardware Security Module (HSM). These modules are special computing and storage units within the microcontroller that are reserved for cryptographic functions and secured by their own firewall. The microcontrollers thus offer a secure memory for the digital key for identification in the blockchain. They can also perform blockchain operations such as hashing or digital signing quickly and securely.

Even though technically sophisticated protection options are now available, Schiefer nevertheless warns against any form of negligence: "The battle for data security is a race without a finish line.”